Is it possible to use the mosquitto broker over LAN?
- This topic has 0 replies, 1 voice, and was last updated 2 years ago by Stephen Horn.
September 22, 2022 at 7:47 pm #33219 Stephen Horn Participant
The Conduit AEP comes packaged with an MQTT broker called mosquitto 1.6.14. Its default configuration is set for localhost communication. But is it possible to use it over a LAN using the lease ranges of 192.x.x.x?
I claim this is not possible. I present the following as evidence that this does not work. Hopefully, some brave person will appear in this thread and prove me wrong.
mosquitto is running on the gateway at IP 192.168.2.1
The remote computer is 192.168.2.104. It will attempt to publish to the broker but time out.
Contents of mosquitto.conf
user mosquit
listener 8883 0.0.0.0
protocol mqtt
log_dest syslog
log_type all
connection_messages true
log_timestamp true
allow_anonymous false
password_file /etc/mosquitto/plaintext
Three ssh sessions are established. One for tail’ing the broker’s log. One for a subscriber. And another for a publisher. mosquitto_pub and mosquitto_sub are run locally and the payload is delivered correctly. But these are all local communications. We want to publish from the remote *.104 computer. At the very least we want to see something happen on the gateway’s log. But all attempts time out. Note the connected subscriber at 57734.
$ netstat -tp
netstat: showing only processes with your user ID
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 192.168.2.1:8883 192.168.2.1:57734 ESTABLISHED -
tcp 0 0 192.168.2.1:ssh 192.168.2.104:51723 ESTABLISHED -
tcp 0 0 192.168.2.1:57734 192.168.2.1:8883 ESTABLISHED 4365/mosquitto_sub
tcp 0 0 192.168.2.1:ssh 192.168.2.104:51569 ESTABLISHED -
tcp 0 140 192.168.2.1:ssh 192.168.2.104:51765 ESTABLISHED -
The listener appears on port 8883.
$ netstat -tulpn
netstat: showing only processes with your user ID
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:8883 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN -
tcp 0 0 :::53 :::* LISTEN -
tcp 0 0 :::22 :::* LISTEN -
tcp 0 0 :::443 :::* LISTEN -
udp 0 0 0.0.0.0:53 0.0.0.0:* -
udp 0 0 0.0.0.0:67 0.0.0.0:* -
udp 0 0 :::53 :::* -
The firewall on the Conduit AEP is set to allow 8883 and 1883 by whitelist.
~# iptables -L
Chain TRUSTED_IP_INPUT (1 references)
target prot opt source destination
RETURN tcp -- anywhere anywhere source IP range 192.168.2.102-192.168.2.106 tcp dpt:1883
RETURN udp -- anywhere anywhere source IP range 192.168.2.102-192.168.2.106 udp dpt:1883
RETURN tcp -- anywhere anywhere source IP range 192.168.2.102-192.168.2.106 tcp dpt:8883
RETURN udp -- anywhere anywhere source IP range 192.168.2.102-192.168.2.106 udp dpt:8883
DROP all -- anywhere anywhere state NEW
The firewall on the remote computer is completely disabled.
Domain Profile
{x} Windows Defender Firewall is off
_
Private Profile
{x} Windows Defender Firewall is off
_
Public Profile
{x} Windows Defender Firewall is off
[->] Windows Defender Firewall Properties
Successful local pubs and subs appear in the /var/log/mosquitto.log
2022-09-22T18:33:11.758357-04:00 mtcap mosquitto[4091]: New connection from 192.168.2.1 on port 8883.
2022-09-22T18:33:11.764226-04:00 mtcap mosquitto[4091]: New client connected from 192.168.2.1 as mosq-uQu5OKrc9nYuqKEN8A (p2, c1, k60, u'bridgechirp').
2022-09-22T18:33:11.766554-04:00 mtcap mosquitto[4091]: No will message specified.
2022-09-22T18:33:11.766982-04:00 mtcap mosquitto[4091]: Sending CONNACK to mosq-uQu5OKrc9nYuqKEN8A (0, 0)
2022-09-22T18:33:11.780655-04:00 mtcap mosquitto[4091]: Received PUBLISH from mosq-uQu5OKrc9nYuqKEN8A (d0, q0, r0, m0, 'newsEvent', ... (11 bytes))
2022-09-22T18:33:11.781235-04:00 mtcap mosquitto[4091]: Sending PUBLISH to mosq-eoozTCsMlL1dIFDkoM (d0, q0, r0, m0, 'newsEvent', ... (11 bytes))
2022-09-22T18:33:11.788082-04:00 mtcap mosquitto[4091]: Received DISCONNECT from mosq-uQu5OKrc9nYuqKEN8A
2022-09-22T18:33:11.789566-04:00 mtcap mosquitto[4091]: Client mosq-uQu5OKrc9nYuqKEN8A disconnected.
The remote *.104 computer attempts connection over port 443 to Conduit AEP and succeeds,
PS C:\BROKER> $connection = New-Object System.Net.Sockets.TcpClient("192.168.2.1", "443")
PS C:\BROKER> echo $connection.Connected
True
Remote computer *.104 telnet to Conduit AEP port 22 responds correctly,
$ telnet
telnet> open 192.168.2.1 22
Trying 192.168.2.1...
Connected to 192.168.2.1.
Escape character is '^]'.
SSH-2.0-OpenSSH_8.4
Telnet over 8883 fails.
$ telnet
telnet> open 192.168.2.1 8883
Trying 192.168.2.1...
telnet: Unable to connect to remote host: Connection timed out
telnet>
TcpClient() into port 8883 fails.
$connection = New-Object System.Net.Sockets.TcpClient("192.168.2.1", "8883")
New-Object : Exception calling ".ctor" with "2" argument(s): "A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 192.168.2.1:8883"
Publish from remote *.104 to Conduit AEP times out.
PS C:\BROKER\mosquitto> .\mosquitto_pub.exe -h 192.168.2.1 -p 8883 -t newsEvent -m "opti Payload" -u redacted -P redacted
Error: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
All the above were also tried using port 1883. I tried user myUser in place of user mosquit, where myUser is the login to the gateway. None of those changes fixed the problem. Attempts to contact the developers, Eclipse, through their forums yielded zero responses. I thought Multitech would fare better. If need be, I can create a support case.
- This topic was modified 2 years ago by Stephen Horn. Reason: typos and connected subscriber
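How netfilter walks the TRUSTED_IP_INPUT chain listed in the post, as an added example (not part of the original post and not MultiTech's firmware rules): a RETURN match only hands the packet back to the calling chain, so the final verdict depends on what follows the jump and on the built-in chain's policy. The two INPUT chains and the DROP default policy are constructed assumptions, since the post shows only TRUSTED_IP_INPUT.

```python
import ipaddress

# TRUSTED_IP_INPUT is transcribed from the post's `iptables -L` output.
# INPUT_* chains and the default policy are constructed; the post does not show them.
RANGE = ("192.168.2.102", "192.168.2.106")
TRUSTED = [{"proto": p, "src": RANGE, "dport": d, "target": "RETURN"}
           for d in (1883, 8883) for p in ("tcp", "udp")]
TRUSTED.append({"state": "NEW", "target": "DROP"})
INPUT_JUMP_ONLY = [{"target": "TRUSTED_IP_INPUT"}]
INPUT_WITH_ACCEPT = INPUT_JUMP_ONLY + [{"proto": "tcp", "dport": 8883, "target": "ACCEPT"}]

def matches(rule, pkt):
    """True when every match condition present on the rule holds for the packet."""
    for key in ("proto", "dport", "state"):
        if key in rule and rule[key] != pkt[key]:
            return False
    if "src" in rule:
        lo, hi = (ipaddress.ip_address(a) for a in rule["src"])
        return lo <= ipaddress.ip_address(pkt["src"]) <= hi
    return True

def walk(chains, name, pkt):
    """Return ACCEPT or DROP, or None when the chain hands control back to its caller."""
    for rule in chains[name]:
        if not matches(rule, pkt):
            continue
        target = rule["target"]
        if target in ("ACCEPT", "DROP"):
            return target                    # terminating verdict
        if target == "RETURN":
            return None                      # resume in the calling chain, no verdict yet
        result = walk(chains, target, pkt)   # jump into a user-defined chain
        if result is not None:
            return result
    return None                              # fell off the end of the chain

def verdict(input_chain, src, dport, policy="DROP", proto="tcp", state="NEW"):
    """Verdict for one packet; the built-in chain's policy applies if no rule decides."""
    chains = {"INPUT": input_chain, "TRUSTED_IP_INPUT": TRUSTED}
    pkt = {"src": src, "dport": dport, "proto": proto, "state": state}
    return walk(chains, "INPUT", pkt) or policy

if __name__ == "__main__":
    for label, chain in (("jump only", INPUT_JUMP_ONLY), ("jump + ACCEPT", INPUT_WITH_ACCEPT)):
        for src in ("192.168.2.104", "192.168.2.50"):
            print(f"{label:14} {src:14} tcp/8883 -> {verdict(chain, src, 8883)}")
```

On the gateway, `iptables -S` or `iptables -L -n -v` lists every chain with its policy and per-rule packet counters, which shows what the calling chain does after TRUSTED_IP_INPUT returns.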