Can I create a listener in mosquitto, bound to a device which may not be present? - mosquitto

I am running mosquitto on a raspberry pi and it all functions fine with an ethernet connection. I have two listeners, one limited to localhost for most of the functionality and another limited to the vpn ip address so that I can do some administration over vpn, all others are then excluded. The problem is that once this device goes out into the world it may or may not have an internet connection, but if the internet connection is not there, the vpn address does not exist and mosquitto fails to start.
I am using mosquitto v2.0.4, but I can update if required.
Does anyone have any suggestions on how I can solve this?
per_listener_settings true
retain_available true
log_dest stdout
listener 1883 localhost
allow_anonymous true
listener 1886 10.8.0.100
max_connections 1
allow_anonymous true

No, if you specify a listener for a non-existent IP address then mosquitto will fail to start.
The solution is probably to specify a listener without an IP address (so it will bind to 0.0.0.0 and be available on all listeners) and rely on suitable authentication to limit access rather than the connection arriving on a specific interface.
If really needed you can use the firewall on the device to filter connections to that port to only be allowed from a specific subnet that matches that configured for the VPN.
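The approach suggested in the answer, written out as a mosquitto.conf fragment. This is an added example, not the poster's configuration or part of the original answer; the password file path, the `admin` user name and the 10.8.0.0/24 VPN subnet are assumptions.

```conf
# Added example: admin listener that no longer depends on the VPN address.
per_listener_settings true
retain_available true
log_dest stdout

# Local clients: loopback only, unchanged from the question.
listener 1883 localhost
allow_anonymous true

# Admin listener: no bind address, so mosquitto binds every interface and
# starts whether or not 10.8.0.100 exists at boot.
listener 1886
max_connections 1
# Access is now controlled by credentials instead of by bind address.
allow_anonymous false
# Assumed path; create it with:
#   mosquitto_passwd -c /etc/mosquitto/admin_passwd admin
password_file /etc/mosquitto/admin_passwd

# Optional second layer on the device firewall, assuming the VPN subnet is
# 10.8.0.0/24 (drops anything to 1886 that does not come from the VPN):
#   iptables -A INPUT -p tcp --dport 1886 ! -s 10.8.0.0/24 -j DROP
```

Without the firewall rule, port 1886 is reachable from every network the device joins, and the password crosses those networks unencrypted unless TLS is also configured on the listener.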

Related

Sonoff RF Bridge to Mosquitto (on Windows) Configuration

I've been searching high and low for a simple explanation for this. What configuration settings do I use to connect my Sonoff RF bridge to the Mosquitto server on my computer? I'm sure it's a configuration issue but most of the tutorials out there are for rPi. My skill level in this is basic and I'm sure it may be obvious to someone what's wrong.
I'm running Mosquitto on Windows 10 and have verified that the Mosquitto server is running using netstat -a (I can see the broker is listening at 0.0.0.0:1883).
I've installed Tasmota Eclipse on my Sonoff RF Bridge and have verified it is receiving signal from my door sensor by opening the UI in my browser and viewing the console. I've tried multiple host addresses in the configuration menu; localhost, 0.0.0.0, 10.0.0.1, however Tasmota only seems to connect when I leave the host field blank.
I've tried to use MQTTlens to verify that the broker is receiving messages on port 1883 and nothing seems to be coming through.
0.0.0.0 is a short hand to tell mosquitto to listen on all the available interfaces on the machine it is running on. It is meaningless to use it in the client configuration.
Likewise, localhost always means the same machine that the code making the request is running on, so in this case it would be the Sonoff device itself.
It looks like 10.0.0.1 is the address of your local router; unless mosquitto is actually running on the router (it is very unlikely your Windows machine is your router), this again is not going to be useful.
You need to use the IP address of the Windows machine that mosquitto is running on; this is going to start with 10.0.0. Running ipconfig on the command line in Windows is probably the quickest/simplest way to find that address.

Port is still close after portforwarding

I'm running a FTB Revelation server on my Synology-NAS and I can connect in the intranet, but when my friends or I want to connect with my public-ip, they can't connect.
A port forwarding tester says that the port is closed.
I'm using a fritzbox and my ports are opened.
What could be the problem?
I had this issue too. You probably need to call your Internet Provider and ask if you have a dedicated IP. Port forwarding for ipv4 only works with dedicated IPs.
You can use NGROK (https://ngrok.com/) to "bypass" port forwarding, but server's IP will change every time you restart NGROK, and you will not be able to see player's true IPs in the server (You will see, for example, 0:0:0:0:0:0:0 instead of 93.22.22.22)

With multi-router set up, upnpc maps to secondary router ip instead of external ip

I'm trying to use UPnP to open a port, so I'm experimenting with miniupnpc. I've observed a handful of people use and suggest upnpc -a <internal ip> <internal port> <external port> <protocol> to open the specified external port and point it to the application running on the specified internal port.
Before I continue, I will note that UPnP is on in my router's settings, and that it lists a few connections, though when I check them with a port checker I find that none of them are actually working? Or at least none of them seem to be open.
When I try to map the internal port 5000 to the external port 7777 with the following command:
upnpc -a 192.168.1.10 5000 7777 tcp
What I find is that it "works" without any explicit errors, but the external ip it maps to isn't really an external ip at all. Here's the output following the command given above:
upnpc : miniupnpc library test client, version 2.1.
(c) 2005-2019 Thomas Bernard.
Go to http://miniupnp.free.fr/ or https://miniupnp.tuxfamily.org/
for more information.
List of UPNP devices found on the network :
desc: http://192.168.1.1:5000/Public_UPNP_gatedesc.xml
st: urn:schemas-upnp-org:device:InternetGatewayDevice:1
Found a (not connected?) IGD : http://192.168.1.1:5000/Public_UPNP_C3
Trying to continue anyway
Local LAN ip address : 192.168.1.10
ExternalIPAddress = 192.168.0.153
InternalIP:Port = 192.168.1.10:5000
external 192.168.0.153:7777 TCP is redirected to internal 192.168.1.10:5000 (duration=0)
Obviously, 192.168.0.153 is not an external IP Address, and yet it seems to be treating it as though it is. Why might this be?
EDIT: Upon further inspection, it seems like since I have a multi-router set up, the "external ip" here is actually the internal ip of the secondary router. I wonder why this is, though, and whether it can be circumvented.

Bridge MQTT Connection between Servers with username

I'm trying to use mosquitto to bridge 2 other mqtt servers.
EXTERNAL > MOSQUITTO > INTERNAL
Internal requires a Username to be set. Is it possible to forward the username that is used to connect to MOSQUITTO to be forwarded to INTERNAL as well?
# connection internal
connection internal
address internal:1883
topic # out 0
topic # in 0
No, bridges are a one time thing, you do not get a bridge per connected user.
You can specify a username/password for (each end) of a bridge connection using the remote_username, remote_password, local_username and local_password config options as described in the mosquitto.conf man page.
The local_ prefix are useful to ensure that ACLs are followed for connections and when allow_anonymous false is set.
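The options named in the answer, placed in the bridge block from the question. This is an added example, not the poster's or the answerer's configuration; the user names and passwords are placeholders.

```conf
# Added example: one fixed identity per bridge, not one per connected user.
connection internal
address internal:1883
topic # out 0
topic # in 0

# Credentials this bridge presents to INTERNAL. Every message crossing the
# bridge arrives there under this single identity, whichever client
# originally published it.
remote_username bridge-to-internal
remote_password CHANGE_ME

# Identity the bridge uses on the local broker, so that local ACLs and
# allow_anonymous false apply to bridged traffic as well.
local_username bridge-local
local_password CHANGE_ME_TOO
```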

Port Forwarded; Port Check says port is open but unable to connect

I have setup the Swann DVR Surveillance System. I am able to access the web client at 192.168.1.99:85 (static ip in internal LAN). I have port forwarded 85 packets to 192.168.1.99. But when I access my external ip eg xxx.xxx.xxx.xxx:85 I get unable to connect error.
I checked if the port is open in an online tool and it says port 85 is open. Here is my port forwarding page:
Please Help me. Thanks in advance
EDIT: I have tried changing ports to 89, 9001, 8080 and no luck..
I've finally figured out what I was doing wrong from a friend. It seems there is something called NAT Loopback (https://en.wikipedia.org/wiki/Network_address_translation#NAT_loopback) that allows you to access your public IP address from within your own network. Most routers have this feature disabled by default. And hence whenever you try to access your IP address the packets are dropped and you get the Host Unreachable ICMP packet.
Anyway, to use this, try to enable NAT Reflection or NAT Loopback on your router.
If you don't have that feature, you can test your system from outside the network and it'll work just fine. Sorry for not reporting the answer sooner.
Yeah, same problem. As Steve Robinson said, you cannot always access your public IP from your NAT. Try running Apache and use your phone (turn off WiFi and turn on mobile data) to test if this is the case.
