Running JIRA with Firewall on Linux

Still need help?

The Atlassian Community is here for you.

Ask the community

Atlassian applications allow the use of Firewalls within our products, however Atlassian Support does not provide assistance for configuring it. Consequently, Atlassian cannot guarantee providing any support for it.

  • If assistance with configuration is required, please raise a question on Atlassian Answers.


This documentation describes how to allow JIRA to run behind a Firewall (Iptables) on Linux. 

Verifying the Firewall rules

1- To make sure your firewall is enable, run the following command (will also show the active rules):

iptables -nL


2 - Allowing the JIRA's port to be reached behind the firewall:

iptables -I INPUT -p tcp --dport 8080 -j ACCEPT
iptables -I FORWARD -p tcp --dport 8080 -j ACCEPT

3 - Add these lines if you are running JIRA on port 8443:

iptables -I INPUT -p tcp --dport 8443 -j ACCEPT
iptables -I FORWARD -p tcp --dport 8443 -j ACCEPT

4 - Allowing connections to JIRA from itself (to ensure you don't run into problems with gadget titles showing as __MSG_gadget)

iptables -t nat -I OUTPUT -p tcp -o lo --dport 80 -j REDIRECT --to-ports 8080


5 - Allowing the forward connections:

Add the following line on /etc/sysctl.conf
net.ipv4.ip_forward = 1

6 - To save the current rules, run the following command

service iptables save

7 - The last thing to do is restart the iptables service

service iptables reload


(info) If you are running Centos 7, the management of firewall has changed. To disable the firewall follow the steps below:

Disable Firewalld

To disable firewalld, run the following command as root:

systemctl disable firewalld

Stop Firewalld

To stop firewalld, run the following command as root:

systemctl stop firewalld

Check the Status of Firewalld

To check the status of firewalld, run the following command as root:

systemctl status firewalld

(info) If you prefer to keep Firewalld active, there are a few more steps to be taken:

Verifying the firewall rules on Firewalld

1- Allowing ports and make the change permanent with the following commands:

firewall-cmd --add-port=8080/tcp
firewall-cmd --permanent -port=8080/tcp
firewall-cmd --add-port=8443/tcp
firewall-cmd --permanent --add-port=8443/tcp

2- Add the services:

firewall-cmd --add-service=http
firewall-cmd --permanent --add-service=http
firewall-cmd --add-service=https
firewall-cmd --permanent --add-service=https

3- To finish, the following commands are required to configure the forwarding:


firewall-cmd --add-masquerade
firewall-cmd --permanent --add-masquerade
firewall-cmd --permanent --direct --add-rule ipv4 nat OUTPUT 1 -p tcp -d --dport 443 -j REDIRECT --to-ports 8443
firewall-cmd --permanent --direct --add-rule ipv4 nat PREROUTING 1 -p tcp -d <jira-public-ip> --dport 443 -j REDIRECT --to-ports 8443

Last modified on May 1, 2017

Was this helpful?

Provide feedback about this article
Powered by Confluence and Scroll Viewport.