Running JIRA with Firewall on Linux

Atlassian applications can be run behind a firewall; however, Atlassian Support does not provide assistance with configuring one. Consequently, Atlassian cannot guarantee any support for it.

  • If assistance with configuration is required, please raise a question on Atlassian Answers.

Purpose

This documentation describes how to allow JIRA to run behind a firewall (iptables) on Linux.

Verifying the Firewall rules

1 - To make sure your firewall is enabled, run the following command (it also shows the active rules):

iptables -nL

2 - Allow JIRA's port to be reached behind the firewall:

iptables -I INPUT -p tcp --dport 8080 -j ACCEPT
iptables -I FORWARD -p tcp --dport 8080 -j ACCEPT
iptables -P OUTPUT ACCEPT

3 - Add these lines if you are running JIRA on port 8443:

iptables -I INPUT -p tcp --dport 8443 -j ACCEPT
iptables -I FORWARD -p tcp --dport 8443 -j ACCEPT

4 - Allow forwarded connections:

Add the following line to /etc/sysctl.conf:
net.ipv4.ip_forward = 1

5 - To save the current rules, run the following command:

service iptables save

6 - The last thing to do is restart the iptables service:

service iptables reload
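
A check for the result of steps 1 to 6, as an added example that is not part of the original article: iptables applies the first matching rule, so a port is reachable only if its ACCEPT rule sits above any catch-all REJECT or DROP, which is what `-I` (insert at the top) gives you and `-A` (append) does not. The function name `port_verdict` and both rulesets are constructed for illustration, and rules with extra match conditions are skipped as a stated simplification.

```shell
#!/bin/sh
# Added example. port_verdict PORT reads `iptables -S INPUT` output on stdin and
# prints what the first matching rule (else the chain policy) does to a new
# TCP connection to PORT. Simplification (assumption): rules carrying extra
# match conditions (state, interface, source address, ...) are skipped.
port_verdict() {
    awk -v port="$1" '
        $1 == "-P" && $2 == "INPUT" { policy = $3; next }
        $1 != "-A" || $2 != "INPUT" { next }
        {
            proto = ""; dport = ""; target = ""; extra = 0
            for (i = 3; i <= NF; i++) {
                if      ($i == "-p")            proto  = $(++i)
                else if ($i == "--dport")       dport  = $(++i)
                else if ($i == "-j")            target = $(++i)
                else if ($i == "-m" && $(i + 1) == "tcp") i++   # implicit tcp module
                else if ($i == "--reject-with") i++             # option of REJECT
                else extra = 1
            }
            if (extra) next
            if (target != "ACCEPT" && target != "DROP" && target != "REJECT") next
            if (proto != "" && proto != "tcp" && proto != "all") next
            if (dport != "" && dport != port) next
            print target; decided = 1; exit
        }
        END { if (!decided) print (policy == "" ? "UNKNOWN" : policy) }
    '
}

# Constructed sample: rule added with -I (as in step 2) sits above the catch-all REJECT.
RULES_INSERTED='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# Constructed sample: same rule added with -A instead, so it lands after the REJECT.
RULES_APPENDED='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT'

for p in 8080 8443; do
    echo "inserted, port $p: $(printf '%s\n' "$RULES_INSERTED" | port_verdict "$p")"
done
echo "appended, port 8080: $(printf '%s\n' "$RULES_APPENDED" | port_verdict 8080)"
```

On a live host, run `iptables -S INPUT | port_verdict 8080` as root after defining the function.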

(info) If you are running CentOS 7, firewall management has changed. To disable the firewall, follow the steps below:

Disable Firewalld

To disable firewalld, run the following command as root:

systemctl disable firewalld

Stop Firewalld

To stop firewalld, run the following command as root:

systemctl stop firewalld

Check the Status of Firewalld

To check the status of firewalld, run the following command as root:

systemctl status firewalld


(info) If you prefer to keep Firewalld active, there are a few more steps to be taken:

Verifying the firewall rules on Firewalld

1 - Allow the ports and make the change permanent with the following commands:

firewall-cmd --add-port=8080/tcp
firewall-cmd --permanent --add-port=8080/tcp
firewall-cmd --add-port=8443/tcp
firewall-cmd --permanent --add-port=8443/tcp

2- Add the services:

firewall-cmd --add-service=http
firewall-cmd --permanent --add-service=http
firewall-cmd --add-service=https
firewall-cmd --permanent --add-service=https

3 - To finish, the following commands are required to configure the forwarding:

firewall-cmd --add-masquerade
firewall-cmd --permanent --add-masquerade
firewall-cmd --permanent --direct --add-rule ipv4 nat OUTPUT 1 -p tcp -d 127.0.0.1 --dport 443 -j REDIRECT --to-ports 8443
firewall-cmd --permanent --direct --add-rule ipv4 nat PREROUTING 1 -p tcp -d <jira-public-ip> --dport 443 -j REDIRECT --to-ports 8443

