Skip to main content
Code42 Support

Use port forwarding in your Code42 environment

Available in:

  • CrashPlan PRO
    • Standard
    • Premium
    • Enterprise
Applies to:

Overview

The Code42 platform uses a fixed set of ports for network communications. Some network administrators may block these ports. You can use port forwarding, also called port mapping, to avoid port conflicts and port restrictions within your Code42 environment and on other networks.

This article describes how to forward a nonstandard, inbound port used by the Code42 platform to a standard port that is accepted in most networks.

Considerations

The processes presented here are required only for some Code42 environments:

  • For Managed Private Cloud customers, our Customer Champions configure port forwarding on request. If you have purchased a managed appliance from Code42, contact our Customer Champions for Code42 for Enterprise support or CrashPlan PRO support to configure port forwarding for your Code42 environment.
  • If your network does not employ port restrictions, these steps may not be necessary for your Code42 environment.

This article requires basic knowledge of port forwarding and network address translation (NAT).

Definitions

host server
The server that runs your Code42 server software
nonstandard port
A port between 1024 and 49151 that is not currently assigned by the Internet Assigned Numbers Authority (IANA) to any specific service or application. The Code42 platform uses several of these ports. Because these ports are not assigned for a specific task, some networks block traffic on these ports to avoid unwanted or insecure network activity.
For example, the IANA has not assigned TCP port 4282 to any protocol or application, but the Code42 platform uses it for communications between devices and Code42 servers.
well-known port

A port between 0 and 1023 that is assigned by the Internet Assigned Numbers Authority (IANA) to be used for a specific service or application. The Code42 platform uses several of these ports.
For example, the IANA has assigned TCP/UDP port 389 for use with LDAP services, and the Code42 platform uses TCP port 389 for LDAP communication.

Use cases for port forwarding

The Code42 platform uses some nonstandard ports in order to minimize conflicts with network traffic from other sources and applications. When the required ports are restricted, some operations of your Code42 environment cannot function as intended.

Networks in enterprise environments may restrict nonstandard network traffic, including ports used by the Code42 platform. For example, users connecting from outside your network cannot back up and restore files if their network restricts traffic on TCP port 4282. Forwarding inbound traffic in your Code42 environment to a well-known port bypasses the blocked port restrictions.

Secure web traffic (4285)

The Code42 platform uses TCP port 4285 for secure communications with web resources in your Code42 environment, such as the administration console, as well as for other web-enabled tools and technologies, including Single Sign-On and the Code42 API.

Forwarding a well-known, inbound port, such as 443, to 4285 is useful if:

  • Users access the administration console from networks that block nonstandard ports.
  • Your SSO identity provider doesn't accept port information in service provider metadata.

Device-to-server communication (4282)

The Code42 platform uses TCP port 4282 for communication between devices and destinations.

Forwarding a well-known, inbound port, such as 443, to 4282 permits your users connecting from outside your network to back up and restore files, especially if your network strongly restricts nonstandard ports.

Port forwarding options

There are many options for configuring port forwarding. We recommend configuring port forwarding either within your network infrastructure or within the server that hosts the Code42 server software.

Option A: Configure your network firewall or router

When an inbound port is forwarded on a network firewall or router, the host server receives connections to the forwarded destination port. No additional configuration is necessary on the host server.

Port forwarding on network hardware

Considerations
  • Configure port forwarding on all appropriate network hardware so that all Code42 servers in your Code42 environment use the same port forwarding configurations.
  • Mechanisms for port forwarding may be different for various elements of network infrastructure.

Each network configuration handles port forwarding differently. Consult the documentation of your network infrastructure or hardware manufacturer for information on port forwarding.

Option B: Configure your operating system

When an inbound port is forwarded on the host server, the host server operating system receives connections on the original destination port. Software running on the host server forwards the original destination port to a new port before the connections are accepted by applications running on the host server.

Port forwarding on the operating system

Considerations
  • In a multi-server Code42 environment, you must configure port forwarding on all Code42 servers in your Code42 environment.
  • Ensure that you are applying port forwarding to the appropriate network interface(s) on your Code42 server.
  • Mechanisms for port forwarding may be different for various operating systems. Several sample instructions are provided here for convenience.
Non-Code42 products
​Information about products from other manufacturers is intended as a resource to help you get the most out of Code42 products. However, our Customer Champions cannot provide direct assistance for these products. For assistance with products not developed by Code42, contact the product's manufacturer.

Linux

Linux servers most often use the iptables utility for port forwarding.

Windows

Windows servers commonly rely on the Routing and Remote Access Service (RRAS) role, an official component of Windows Server operating systems, for port forwarding. You may need to install the RRAS role first.

Configure port forwarding in your Code42 environment

We recommend selecting only one of the options below for configuring port forwarding:

  • Forward inbound traffic from TCP port 443 to TCP port 4285, used to access web resources in your Code42 environment
  • Forward inbound traffic from TCP port 443 to TCP port 4282, used for device-to-server communication in your Code42 environment

A single external port for any publicly-routable IP address can be forwarded to only one internal port. For example, TCP port 443 on the external IP address 192.0.2.150 cannot be forwarded to both internal TCP ports 4282 and 4285.

Considerations For Configuring Port Forwarding
  • Port forwarding is a network setting that affects all types of network traffic.
    • To avoid unintended impacting other services in your network, configure port forwarding for connections destined to your Code42 servers only.
    • If necessary, configure any web filters or proxies to permit traffic on the forwarded ports. If you do not, backup traffic may be negatively affected.
  • Before configuring port forwarding, review TCP & UDP Ports Used By The Code42 platform to understand all the purposes of each port within your Code42 environment.

Option A: Forward TCP port 443 to 4285

Secure web traffic and single sign-on
Changing the settings described here may disrupt authentication in an existing single sign-on configuration. Test these settings on a secondary authority server before implementing them in your production environment.

For each Code42 server in your Code42 environment:

  1. Sign in to your administration console.
  2. Go to Settings > Server.
  3. Change the port-specific server settings.
    • The port-specific settings are: Website protocol, host and port
    • Depending on your port forwarding configuration and requirements of your SSO environment, you may wish to use port 443 or to remove the port information altogether.
  4. Resubmit the authority server's updated metadata file and new metadata file URL to your identity provider.
    This step is applicable only to authority servers using single sign-on.
  5. Implement inbound port forwarding on your host servers or network infrastructure, as described above.

Option B: Forward TCP port 443 to 4282

HTTPS inspection
Devices or software that inspect secure communications over port 443 may reject non-HTTPS communication, including communication for the Code42 app. In order to use port forwarding for Code42 app communication, you must configure your network to accept non-HTTPS traffic on TCP port 443.

For each Code42 server in your Code42 environment:

  1. Sign in to your administration console.
  2. Go to Settings > Server.
  3. Change the Primary Network Address to use port 443.
  4. Implement inbound port forwarding on your host servers or network infrastructure, as described above.
  5. Change the Secondary Network Address to use port 443 after all devices have received the updated Primary Network Address setting.

Still unsure?

Please contact Sales for information on our consulting options.