Crashplan and security

[maxse]

So I understand that unraid is not secure at all and we shouldn't open it to the net, which I don't want to do.

 

But I am thinking of running crashplan on it to automatically backup key folders. Now wouldn't this require port forwarding on my router and in effect open up the unraid to the web? or does this work with some kind of different, more secure, method?

[mrow]

So I understand that unraid is not secure at all and we shouldn't open it to the net, which I don't want to do.

 

But I am thinking of running crashplan on it to automatically backup key folders. Now wouldn't this require port forwarding on my router and in effect open up the unraid to the web? or does this work with some kind of different, more secure, method?

 

Backing up to CrashPlan would be outgoing traffic. You shouldn't have to open any incoming ports.

[boof]

Backing up to CrashPlan would be outgoing traffic. You shouldn't have to open any incoming ports.

 

This is true - but because crashplan acts as both a client and a server it will try to open an incoming port.

 

It is upnp etc aware so it may just 'happen' without your knowledge presuming your router etc supports it.

 

I'm not sure if you can disable the inbound port completely but you can certainly disable upnp etc in crashplan / forcibly block the inbound port at your router.

 

This only applies to a port bound to the crashplan client. This isn't opening up 'unraid' to the web as such.

[garycase]

Crashplan encrypts the data in both directions; and the only communication allowed is between the Crashplan client and the remote Crashplan servers.    It is definitely NOT "opening up" your UnRAID to the outside world 

[boof]

Crashplan encrypts the data in both directions; and the only communication allowed is between the Crashplan client and the remote Crashplan servers. 

 

As above, this isn't true. The crashplan 'client' is also a server and will try to open up a port to allow inbound connections.

 

Whether this succeeds based on your client config, router config or firewall / other network considerations is another matter. But crashplan will want to go there whether you intend to use it or not.

 

Have a look at port 4242 on your unraid server...

[Automatic]

Crashplan encrypts the data in both directions; and the only communication allowed is between the Crashplan client and the remote Crashplan servers. 

 

As above, this isn't true. The crashplan 'client' is also a server and will try to open up a port to allow inbound connections.

 

Whether this succeeds based on your client config, router config or firewall / other network considerations is another matter. But crashplan will want to go there whether you intend to use it or not.

 

Have a look at port 4242 on your unraid server...

 

Pretty sure it's port 4242 and 4243. 4242 is for the transmitting of data (That you backup), 4243 is for the GUI.

[boof]

Pretty sure it's port 4242 and 4243. 4242 is for the transmitting of data (That you backup), 4243 is for the GUI.

 

4242 is the port used for transmitting data and the port crashplan will open 'to the world' both on the server (i.e bound to all interfaces) and also try to upnp / traverse NAT in combination with your router.

 

4243 is indeed the GUI comms port but is only bound to localhost on the server. Crashplan doesn't try to make it open to the world - which is why I didn't mention it.

[Automatic]

Pretty sure it's port 4242 and 4243. 4242 is for the transmitting of data (That you backup), 4243 is for the GUI.

 

4242 is the port used for transmitting data and the port crashplan will open 'to the world' both on the server (i.e bound to all interfaces) and also try to upnp / traverse NAT in combination with your router.

 

4243 is indeed the GUI comms port but is only bound to localhost on the server. Crashplan doesn't try to make it open to the world - which is why I didn't mention it.

 

Oh, I forgot. Sorry, I changed mine so that 4243 is open to the world. Silly me.

 

Yeah, you're right.