It seems that the Firewalld instructions are incorrect. Specifically, with the very last group of commands, I get the following error:
[root@jira services]# firewall-cmd --permanent --add-rule ipv4 nat OUTPUT 1 -p tcp -d 127.0.0.1 --dport 443 -j REDIRECT --to-ports 8443
usage: see firewall-cmd man page
Wrong usage of 'direct' options.
I am very new to firewalld, so I am unclear as to how to correct this issue.
Hi Rene,
It was missing the --direct flag on that command. I've already updated our documentation. The correct command is:
firewall-cmd --permanent --direct --add-rule ipv4 nat OUTPUT 1 -p tcp -d 127.0.0.1 --dport 443 -j REDIRECT --to-ports 8443
Regards,
Renato Rudnicki
In my case, I had to add the rule to the trusted zone (for the lo interface) and with a couple of minor changes. Note: the rule didn't take effect until the --reload was done. Disclaimer: I'm not a firewalld/iptables expert.
firewall-cmd --zone=trusted --permanent --direct --add-rule ipv4 nat OUTPUT 0 -p tcp -o lo --dport 443 -j REDIRECT --to-ports 8443
firewall-cmd --reload
The above is the firewalld implementation of
iptables -t nat -I OUTPUT -p tcp -o lo --dport 443 -j REDIRECT --to-ports 8443
from the Firewalld instructions page which works but isn't persistent (the rule goes away if you run "firewall-cmd --reload" or otherwise bounce the firewalld service.)
This resolved the Jira health check with gadget titles showing as "__MSG_gadget.xxxxxxx": https://confluence.atlassian.com/jirakb/health-check-jira-base-url-859447384.html
Cheers,
Andrew Reedick
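The reload behaviour described above can be checked by comparing firewalld's runtime and permanent direct-rule listings. This is an added example, not part of the thread or of Atlassian's documentation; the function names (`has_rule`, `rule_state`, `check_live`) are hypothetical and the sample listings are constructed.

```shell
#!/bin/sh
# Added example: report whether a firewalld direct rule is in the runtime
# configuration, the permanent configuration, or both.
# RULE is the rule from the post above, in the "ipv table chain priority args"
# form that `firewall-cmd --direct --get-all-rules` prints.
RULE='ipv4 nat OUTPUT 0 -p tcp -o lo --dport 443 -j REDIRECT --to-ports 8443'

# Collapse whitespace runs so spacing differences do not break the match.
normalize() {
    sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//'
}

# has_rule RULE LISTING -> exit 0 if RULE appears as a whole line in LISTING
has_rule() {
    want=$(printf '%s\n' "$1" | normalize)
    printf '%s\n' "$2" | normalize | grep -Fxq -- "$want"
}

# rule_state RULE RUNTIME_LISTING PERMANENT_LISTING -> prints one state word
rule_state() {
    r=no; p=no
    has_rule "$1" "$2" && r=yes
    has_rule "$1" "$3" && p=yes
    case "$r$p" in
        yesyes) echo active-persistent ;;  # in effect and survives --reload
        noyes)  echo permanent-only ;;     # saved, not in effect until --reload
        yesno)  echo runtime-only ;;       # in effect, dropped on --reload
        *)      echo absent ;;
    esac
}

# Live check (needs root and a running firewalld); runs only with --live.
check_live() {
    runtime=$(firewall-cmd --direct --get-all-rules)
    permanent=$(firewall-cmd --permanent --direct --get-all-rules)
    rule_state "$RULE" "$runtime" "$permanent"
}

# Constructed sample: state right after --permanent --add-rule, before --reload.
SAMPLE_RUNTIME=''
SAMPLE_PERMANENT="$RULE"
if [ "${1:-}" = "--live" ]; then
    check_live
else
    rule_state "$RULE" "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT"
fi
```

A rule inserted with plain `iptables`, as in the non-persistent command quoted above, is in neither firewalld listing and reports as `absent`; `iptables -t nat -S OUTPUT` shows it.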