Is it possible to use the mosquitto broker over LAN?


    Stephen Horn

    The Conduit AEP comes packaged with an MQTT broker called mosquitto 1.6.14. Its default configuration is set for localhost communication. But is it possible to use it over a LAN using the lease ranges of 192.x.x.x?

    I claim this is not possible. I present the following as evidence that this does not work. Hopefully, some brave person will appear in this thread and prove me wrong.

    mosquitto is running on the gateway at IP 192.168.2.1
    The remote computer is 192.168.2.104. It will attempt to publish to the broker but time out.

    Contents of mosquitto.conf

    
    user mosquit
    listener 8883 0.0.0.0
    protocol mqtt
    log_dest syslog
    log_type all
    connection_messages true
    log_timestamp true
    allow_anonymous false
    password_file /etc/mosquitto/plaintext
    

    Three ssh sessions are established. One for tail’ing the broker’s log. One for a subscriber. And another for a publisher. mosquitto_pub and mosquitto_sub are run locally and the payload is delivered correctly. But these are all local communications. We want to publish from the remote *.104 computer. At the very least we want to see something happen on the gateway’s log. But all attempts time out. Note the connected subscriber at 57734.

    
    $ netstat -tp
    netstat: showing only processes with your user ID
    Active Internet connections (w/o servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 192.168.2.1:8883        192.168.2.1:57734       ESTABLISHED -
    tcp        0      0 192.168.2.1:ssh         192.168.2.104:51723     ESTABLISHED -
    tcp        0      0 192.168.2.1:57734       192.168.2.1:8883        ESTABLISHED 4365/mosquitto_sub
    tcp        0      0 192.168.2.1:ssh         192.168.2.104:51569     ESTABLISHED -
    tcp        0    140 192.168.2.1:ssh         192.168.2.104:51765     ESTABLISHED -
    

    The listener appears on port 8883.

    
    $ netstat -tulpn
    netstat: showing only processes with your user ID
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      -
    tcp        0      0 0.0.0.0:8883            0.0.0.0:*               LISTEN      -
    tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      -
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -
    tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      -
    tcp        0      0 :::53                   :::*                    LISTEN      -
    tcp        0      0 :::22                   :::*                    LISTEN      -
    tcp        0      0 :::443                  :::*                    LISTEN      -
    udp        0      0 0.0.0.0:53              0.0.0.0:*                           -
    udp        0      0 0.0.0.0:67              0.0.0.0:*                           -
    udp        0      0 :::53                   :::*                                -
    
    

    The firewall on the Conduit AEP is set to allow 8883 and 1883 by whitelist.

    
    ~# iptables -L
    Chain TRUSTED_IP_INPUT (1 references)
    target     prot opt source               destination
    RETURN     tcp  --  anywhere             anywhere             source IP range 192.168.2.102-192.168.2.106 tcp dpt:1883
    RETURN     udp  --  anywhere             anywhere             source IP range 192.168.2.102-192.168.2.106 udp dpt:1883
    RETURN     tcp  --  anywhere             anywhere             source IP range 192.168.2.102-192.168.2.106 tcp dpt:8883
    RETURN     udp  --  anywhere             anywhere             source IP range 192.168.2.102-192.168.2.106 udp dpt:8883
    DROP       all  --  anywhere             anywhere             state NEW
    
    

    The firewall on the remote computer is completely disabled.

    
    Domain Profile
    {x} Windows Defender Firewall is off
    _
    Private Profile
    {x} Windows Defender Firewall is off
    _
    Public Profile
    {x} Windows Defender Firewall is off
    [->] Windows Defender Firewall Properties 
    


    Successful local pubs and subs appear in the /var/log/mosquitto.log

    
    2022-09-22T18:33:11.758357-04:00 mtcap mosquitto[4091]: New connection from 192.168.2.1 on port 8883.
    2022-09-22T18:33:11.764226-04:00 mtcap mosquitto[4091]: New client connected from 192.168.2.1 as mosq-uQu5OKrc9nYuqKEN8A (p2, c1, k60, u'bridgechirp').
    2022-09-22T18:33:11.766554-04:00 mtcap mosquitto[4091]: No will message specified.
    2022-09-22T18:33:11.766982-04:00 mtcap mosquitto[4091]: Sending CONNACK to mosq-uQu5OKrc9nYuqKEN8A (0, 0)
    2022-09-22T18:33:11.780655-04:00 mtcap mosquitto[4091]: Received PUBLISH from mosq-uQu5OKrc9nYuqKEN8A (d0, q0, r0, m0, 'newsEvent', ... (11 bytes))
    2022-09-22T18:33:11.781235-04:00 mtcap mosquitto[4091]: Sending PUBLISH to mosq-eoozTCsMlL1dIFDkoM (d0, q0, r0, m0, 'newsEvent', ... (11 bytes))
    2022-09-22T18:33:11.788082-04:00 mtcap mosquitto[4091]: Received DISCONNECT from mosq-uQu5OKrc9nYuqKEN8A
    2022-09-22T18:33:11.789566-04:00 mtcap mosquitto[4091]: Client mosq-uQu5OKrc9nYuqKEN8A disconnected.
    

    The remote *.104 computer attempts connection over port 443 to Conduit AEP and succeeds:

    
    PS C:\BROKER> $connection = New-Object System.Net.Sockets.TcpClient("192.168.2.1", "443")
    PS C:\BROKER> echo $connection.Connected
    True
    

    Remote computer *.104 telnet to Conduit AEP port 22 responds correctly:

    
    $ telnet
    telnet> open 192.168.2.1 22
    Trying 192.168.2.1...
    Connected to 192.168.2.1.
    Escape character is '^]'.
    SSH-2.0-OpenSSH_8.4
    

    Telnet over 8883 fails.

    
    $ telnet
    telnet> open 192.168.2.1 8883
    Trying 192.168.2.1...
    telnet: Unable to connect to remote host: Connection timed out
    telnet>
    

    TcpClient() into port 8883 fails.

    $connection = New-Object System.Net.Sockets.TcpClient("192.168.2.1", "8883")
    New-Object : Exception calling ".ctor" with "2" argument(s): "A connection attempt failed because the connected party did not
    properly respond after a period of time, or established connection failed because connected host has failed to respond
    192.168.2.1:8883"
    

    Publish from remote *.104 to Conduit AEP times out.

    
    PS C:\BROKER\mosquitto> .\mosquitto_pub.exe -h 192.168.2.1 -p 8883 -t newsEvent -m "opti Payload"  -u redacted -P redacted
    Error: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
    

    All the above were also tried using port 1883. I tried user myUser in place of user mosquit, where myUser is the login to the gateway. None of those changes fixed the problem. Attempts to contact the developers, Eclipse, through their forums yielded zero responses. I thought Multitech would fare better. If need be, I can create a support case.

    • This topic was modified 2 years ago by Stephen Horn. Reason: typos and connected subscriber
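
The TRUSTED_IP_INPUT listing in the post can be checked rule by rule. As an added example (not part of the original post, and not MultiTech or Eclipse code), this script walks the rules as listed for a new TCP connection from 192.168.2.104 to port 8883 and reports the first matching target. `first_match` and `verdict` are hypothetical helper names, and only the match types visible in the listing are handled.

```shell
#!/bin/sh
# Constructed input: the TRUSTED_IP_INPUT rules as listed in the post.
CHAIN='Chain TRUSTED_IP_INPUT (1 references)
target     prot opt source               destination
RETURN     tcp  --  anywhere             anywhere             source IP range 192.168.2.102-192.168.2.106 tcp dpt:1883
RETURN     udp  --  anywhere             anywhere             source IP range 192.168.2.102-192.168.2.106 udp dpt:1883
RETURN     tcp  --  anywhere             anywhere             source IP range 192.168.2.102-192.168.2.106 tcp dpt:8883
RETURN     udp  --  anywhere             anywhere             source IP range 192.168.2.102-192.168.2.106 udp dpt:8883
DROP       all  --  anywhere             anywhere             state NEW'

# first_match SRC PROTO DPORT: read `iptables -L` rule lines on stdin and print
# the target of the first rule matching a NEW connection from SRC to DPORT.
# Hypothetical helper; it understands only the match types shown above.
first_match() {
  awk -v src="$1" -v proto="$2" -v dport="$3" '
    function ip2n(ip,  p) {
      split(ip, p, ".")
      return ((p[1] * 256 + p[2]) * 256 + p[3]) * 256 + p[4]
    }
    $1 == "Chain" || $1 == "target" || NF < 5 { next }   # skip headers
    $2 != "all" && $2 != proto { next }                  # protocol column
    {
      ok = 1
      for (i = 6; i <= NF; i++) {
        if ($i == "range") {                             # source IP range A-B
          split($(i + 1), r, "-")
          if (ip2n(src) < ip2n(r[1]) || ip2n(src) > ip2n(r[2])) ok = 0
        } else if ($i ~ /^dpt:/ && substr($i, 5) != dport) {
          ok = 0                                         # destination port
        }
      }                                                  # "state NEW" always matches here
      if (ok) { print $1; found = 1; exit }
    }
    END { if (!found) print "FALLTHROUGH" }
  '
}

# verdict TARGET: what that target means for the packet.
verdict() {
  case "$1" in
    ACCEPT) echo "accepted" ;;
    DROP)   echo "dropped silently (client sees a timeout)" ;;
    RETURN|FALLTHROUGH) echo "undecided: evaluation resumes in the calling chain" ;;
    *)      echo "unknown target" ;;
  esac
}

t=$(printf '%s\n' "$CHAIN" | first_match 192.168.2.104 tcp 8883)
echo "192.168.2.104 -> tcp/8883: $t, $(verdict "$t")"
```

RETURN hands the packet back to the chain that jumped to TRUSTED_IP_INPUT, which the post does not show; `iptables -S` or `iptables -L -n -v --line-numbers` on the gateway lists that chain and the rules that follow the jump.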