Page tree
Skip to end of metadata
Go to start of metadata
  1. Define the logic and structure of your local network and what access to the Internet it has.

  2. Assuming that Jira is present and the setup has access to it through the reverse proxy, we need to allow packet routing to the proxy from the Internet using HTTP or HTTPs. For example, if you use a router with firewall iptables, web server as the reverse proxy and Jira application, you need to add these rules to iptables:

iptables -A FORWARD -p tcp -m multiport --dport 80,443 -j ACCEPT

iptables -t nat -A PREROUTING -p tcp -dport 443 -j DNAT --to-destination ip_proxy:443
iptables -t nat -A PREROUTING -p tcp -dport 80 -j DNAT --to-destination ip_proxy:80

iptables -t nat -I POSTROUTING -p tcp -m multiport --dport 80,443 -j MASQUERADE


3. If you want to limit access to service by allowing access for only fixed ip addresses, you can change rules for FORWARD and PREROUTING chains by adding directive "-s external_ip":

iptables -A FORWARD -p tcp -s some_external_ip -m multiport --dport 80,443 -j ACCEPT

iptables -t nat -A PREROUTING -s some_external_ip -p tcp -dport 443 -j DNAT --to-destination ip_proxy:443
iptables -t nat -A PREROUTING -s some_external_ip -p tcp -dport 80 -j DNAT --to-destination ip_proxy:80


NOTE: These rules are used for illustration purposes and should be modified given the infrastructure.

  • No labels