It seems that the Firewalld instructions are incorrect. Specifically, the very last group of commands, I get the following error:
[root@jira services]# firewall-cmd --permanent --add-rule ipv4 nat OUTPUT 1 -p tcp -d 127.0.0.1 --dport 443 -j REDIRECT --to-ports 8443 usage: see firewall-cmd man page Wrong usage of 'direct' options.
I am very new to firewalld, so I am unclear as to how to correct this issue.
It was missing the --direct flag on that command. I've already updated our documentation. The correct command is:
firewall-cmd --permanent --direct --add-rule ipv4 nat OUTPUT 1 -p tcp -d 127.0.0.1 --dport 443 -j REDIRECT --to-ports 8443
In my case, I had to add the rule to the trusted zone (for the lo interface) and with a couple of minor changes. Note: the rule didn't take effect until the --reload was done. Disclaimer: I'm not a firewalld/iptables expert.
firewall-cmd --zone=trusted --permanent --direct --add-rule ipv4 nat OUTPUT 0 -p tcp -o lo --dport 443 -j REDIRECT --to-ports 8443
The above is the firewalld implementation of
iptables -t nat -I OUTPUT -p tcp -o lo --dport 443 -j REDIRECT --to-ports 8443
from the Firewalld instructions page which works but isn't persistent (the rule goes away if you run "firewall-cmd --reload" or otherwise bounce the firewalld service.)
This resolved the jira health check with gadget titles showing as "__MSG_gadget.xxxxxxx": https://confluence.atlassian.com/jirakb/health-check-jira-base-url-859447384.html
Hey admins! I’m Dave, Principal Product Manager here at Atlassian working on our cloud platform and security products. Cloud security is a moving target. As you adopt more products, employees consta...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs