Running Crashplan Pro on a Mac OS X Server, the following TCP Ports must be open:

4280 – Web Administration, Client Software Downloads
4282 – Server-Client Communication
4285 – Secure Web Interface

To access your server’s secure admin interface you would enter https://server.url:4285 into your web browser. This will allow you to manage the server.
Source: http://support.crashplanpro.com/doku.php/reference/network_requirements

In the management interface, go to Settings > Edit Server Settings > Network Address

Server Network Settings

You will see two fields here in which a server address and port can be entered. These fields correspond to the fields on the client in Settings > Account.

Client Network Settings

Changing these fields on the server will cause the change on any client that connects. This is why this screen tell you to be careful. Putting the wrong information in this field can cause all of your clients to change the server that they connect to. If you have hundreds, or thousands of clients this is bad.
I recently ran into an issue with Crashplan where an address was pushed out to the clients, causing them to be unable to connect to the server. The address in this field was changed from port 4282 to port 4285. Suddenly no client could connect.

Now normally in a large managed environment, I would just push a script, or a plist, or cfg file, etc out to the clients with the correct information and all would be well again. Unfortunately, Crashplan doesn’t work like that. You see, Crashplan is an application that is built in Java. It doesn’t use plists, and isn’t scriptable. It has a few config files, however changing them invalidates the program’s checksums and the client application won’t launch properly. So there are 3 ways to fix this problem:

1. Go to each computer manually change that address field in the client app
(Not an option with hundreds of computers in dozens of countries)

2. Remove and re-install Crashplan from all clients using a custom installer that gives the proper address and port (I would have used Casper to do this remotely). Unfortunately this option requires every user to log in with their credentials. Depending on the server setup and your clientele, this could be an ugly solution. From making you look bad, to getting hundreds of “I don’t know my password” calls.

3. TCP Port Forwarding. Using OS X’s built in UNIX firewall, ipfw, we redirected all incoming traffic on port 4285 to port 4282. This temporarily locked us out of the web interface, but by removing the rule e can re-access it.

TCP Port Forwarding (Port Redirection) for Crashplan:
Open Terminal.app and type the following:

sudo ipfw add 00100 fwd server.ip.add.ress,4282 tcp from any to me dst-port 4285 in

This will create a listing in the firewall to redirect all incoming traffic bound for port 4285 into port 4282. Remember, if you’re running Mac OS X Server you need to enable the firewall service first in the Server Admin to get ipfw running.

Instantly, a handful of my clients connected and downloaded the proper address policy from the server and started backing up. I left the rule in place for a few days just to be sure. It worked for all clients.

Luckily for me, it was only the port that was changed. However you could use this for any changed address. Lets say you accidentally changed the address setting from 10.0.0.2:4282 to 10.1.2.3:4567. By setting up a box at the address 10.1.2.3 it will catch all the packets. Then you simply do the forwarding command with the proper info plugged in, in this case it would look like this:

sudo ipfw add 00100 fwd 10.0.0.2,4282 tcp from any to me dst-port 4567 in

To remove the rule do the command:

sudo ipfw delete 00100

Where 00100 is the rule number that I used in these examples, it can be any rule number that you use between 00001 and 65535