Home › Forums › Conduit: mLinux Model › Having trouble connection to MQTT broker
Tagged: mqtt
Dave.
DaveSome time ago, I asked how to connect to the Conduit’s MQTT broker from a program running on another host in the network. I got this reply, which solved my problem. However, I’ve come across a situation where this solution isn’t working and I’m hoping someone can help.
I have another conduit and am using a PAHO client to connect from my Linux workstation. I’ve edited the Conduit’s mosquitto.conf file, commented out the “bind_address”, and restarted mosquitto. netstat shows that mosquitto is bound and listening on the correct address:port
#netstat -tlnp
….
tcp 0 0 0.0.0.0:1883 0.0.0.0:* LISTEN 8103/mosquitto
….
I can ping and trace route to the conduit from my workstation, but when I try to connect my PAHO client (with the URL “tcp://<ipaddr>:1883” i’m getting:
Unable to connect to server (32103) – java.net.ConnectException: Connection timed out: connect
If can connect using the same code to my old Conduit though.
Does anyone have any ideas what I could try to get this to work?
Thanks,
Dave.
Jason ReissDid you open the port through the firewall?
DaveWhen you say “the firewall”, which firewall? The device is in our internal network and does not pass through any firewall.
Jason ReissI meant any firewall in-between. This is a regular fix for AEP models that configure a firewall to not allow in-bound traffic. Since you are running mLinux there is not firewall enabled by default.
DaveYou say that there is no firewall enabled by default but can you enable a firewall in mLinux? This device was being used by another group in our organization and I can’t find out who all had their fingers on it. Is there a way I can tell if a firewall was enabled on the device (assuming you can enable one).
Thanks
DaveI made some progress. I looked at the output from iptables-save command on both Conduits and saw some differences between the one I could access and the one I was having trouble accessing. I saved the output from the “good” iptables-save command to a file, copied that file to the “bad” Conduit, did iptables-restore < <good-file> and I was able to access the MQTT server. Only problem is that on reboot, everything stops working and I have to reissue the iptables-restore command.
I’m not familiar with iptables. Can it be disabled? Can I disable it or at least save the new configuration through a reboot?
Jeff HatchDave,
One way to “stop” iptables would be to follow the instructions here:
https://www.cyberciti.biz/faq/debian-iptables-stop/
Make sure to save off your rules in case you want to restore them. and then use the shell script to open things wide. Be aware that this could lead to vulnerabilities. You could compare the two output files of the iptables-save on each device and see what the difference is. There must be something different on the system with the problem.
Jeff
DaveThanks Jeff,
After looking at the difference between the two, I was able to find the missing rule and add it to the filter table to get things working but I still haven’t found out how to persist that rule through a reboot. Once I reboot, the rule is gone. Is there some magic place or command that will make this permanent?
Dave.
DaveI managed to figure this out.
I was doing all my work from the command line and not using your Web UI 🙁 Once I added the rule and clicked “Save and Restart”. Everything is now working.
Thanks for your help