NAT/Firewall Configuration

This page provides information about the ports used by StoreGrid, and details on what ports need to be opened to enable StoreGrid to work across different networks behind a NAT/Firewall.

TCP Port 32004

StoreGrid Server opens this port. All Client-Server communication including backups, restore etc. (except TCP discovery) is done through this port. If a StoreGrid Server is behind a NAT/Firewall then this port needs to be opened to enable StoreGrid clients to backup to this server. Opening up this port is mandatory for the core functionality of backup and restore to work in StoreGrid. By default the port used by StoreGrid is 32004, if you have modified the 'Backup Server Port' during installation, then you have to open the corresponding port in your NAT/Firewall.

TCP SSL Port 32007

From StoreGrid 2.3, StoreGrid clients can send the backup data to the backup server on secure SSL port 32007. This port is disabled in the backup server and the client by default. SSL port can be enabled by changing the Enabled attribute to 1 in the SSL tag in the SGConfiguration.conf file. When enabled in the backup server, the StoreGrid backup server can accept backup requests on both port 32004 and the SSL port 32007. When enabled in the client, the client will start sending the backup data on the SSL port.

If SSL port is enabled in the backup server and in the client, all Client-Server communication including backups, restore etc. (except TCP discovery) from that client will be done through the SSL port 32007 and therefore if a StoreGrid Server is behind a NAT/Firewall then this port needs to be opened to enable the StoreGrid client to backup to this server.

By default the port used by StoreGrid for SSL is 32007. But it can be modified by changing the 'SSLServer' attribute in the 'Ports' tag in the SGConfiguration.conf file. This port number should be set the same in both the server and the client.

TCP Port 32005

Both StoreGrid Client and Server open this port. This port is used for two purposes:

1. For all communication between the PHP module (invoked by the StoreGrid browser based WebConsole) and the StoreGrid C++ modules. In StoreGrid, all UI requests from the browser are served by PHP pages, which in turn connect to this port to get the required data. By default the port used by StoreGrid is 32005, if you have modified the 'UI Communication Port' during installation, then you have to open the corresponding port in your NAT/Firewall.

2. StoreGrid peers also use this port to do a more complete discovery of each other sharing details about other peers etc. This TCP discovery is always enabled in StoreGrid.

This port need not be configured in the NAT/Firewall. If so, the only feature that would not work is: Switching to a StoreGrid peer behind the NAT/Firewall through the WebConsole of another StoreGrid peer outside the NAT/Firewall.

TCP Port 6060, 6061

These ports are used by the StoreGrid Web Server (Apache) to serve requests from StoreGrid WebConsole (User Interface). These ports are configurable. When you first install StoreGrid you would have been given an option to change these ports. The NAT/Firewall should also 'allow' these ports if you need the ability to connect/administer a StoreGrid peer behind the NAT/Firewall.

Multicast Ports (UDP) 6363, 6364

These two multicast ports are used by StoreGrid Clients and Servers for discovering peers within a subnet. In most networks, multicasting will work only within a subnet. There is no need to open these ports in firewall or NAT devices as multicast packets may not be sent across networks, anyway. Multicast discovery is enabled by default in StoreGrid.

UDP Port 32006

This UDP port is used in discovery of StoreGrid peers in a network. StoreGrid does a UDP scanning on port 32006 of all possible IP Addresses in a network to detect the presence of other StoreGrid peers. There is no need to open this port in the NAT/firewall as StoreGrid does the UDP scanning only within its subnet. By default, UDP network scanning is disabled in StoreGrid.