9

Currently, I'm successfully running a mosquitto broker, subscribing to topics and publishing messages with clients in a local network.

How can I communicate with another local network which is located at a different IP address?

Should I set up 2 mosquitto brokers, one for each local network?

Jorn.Beyers
  • 2
    For future readers: Port forward the routers you come across, test if your port is successfully forwarded with canyouseme.org or with the "Portforward Network Utilities" software. Add an ingoing and outgoing rule to your firewall. Try to publish/subscribe the other local network by using its global IP. – Jorn.Beyers Mar 09 '15 at 22:31

4 Answers

8

The PC in the other local network needs to be accessible from the Internet, so if it is behind a firewall, you need to set a port forwarding rule inside your router. The rule needs to forward the traffic from the public IP address to the internal LAN private IP address of your broker.

Remember that MQTT uses ports 1883 and 8883 (for SSL).

tshepang
ppatierno
  • Thank you. I managed to open both ports by configuring my router. I checked with the "port forwarding network utilities" software if my port is open, and it is. Now, if I want to link a client to a broker in another local network, which IP address should I use? I assume it has to be the global IP with a kind of extension to determine which local IP I want to connect to? – Jorn.Beyers Mar 09 '15 at 15:14
  • Oh no ... you just need to connect to your global IP on port 1883 (or 8883). The router will do the work for you to forward requests to the local IP on port 1883 (or 8883). – ppatierno Mar 09 '15 at 15:55
  • Thank you for your help, I managed to connect the 2 local networks. – Jorn.Beyers Mar 09 '15 at 22:28
4

Because MQTT uses TCP connections, there is also a safe way to do this as follows:

A: private broker A behind a firewall. B: private broker B behind another firewall. C: cloud broker C on the internet.

Set up the bridge A to C in both directions. This must be configured on A. The safe TCP link to the internet will be created by A.

Set up the bridge B to C in both directions. This must be configured on B. The safe TCP link to the internet will be created by B.

This will create a much safer bridge and can be done even if you do not have control over the router or firewall.

skvery
3

This all depends on how your system needs to work, but you could use multiple brokers (one in each network) then create what is known as a bridge between the brokers.

This has the benefit that each network can continue to work independently of the others should there be a network outage.

Bridges also allow you to control which messages are shared between sites. Details of how to create a bridge are in the mosquitto.conf man page:

http://mosquitto.org/man/mosquitto-conf-5.html

But as Paolo says, you will need to set up port forwarding for port 1883/8883 on your router to expose the brokers to the internet.

hardillb
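The outbound bridge described in the two answers above (private broker A connecting out to cloud broker C), as an added example that is not part of either answer or of the Mosquitto project's own files. The host name, LAN address, file paths, account names and topic names are assumed placeholders; broker B would carry the same fragment with its own names.

```conf
# /etc/mosquitto/conf.d/bridge-to-c.conf on private broker A
# Constructed example: every host name, address, path, credential and
# topic below is a placeholder, not a value from the original page.

# Local clients only: bind to A's LAN address. Nothing is port-forwarded
# on the router, so this plaintext listener is never reachable from outside.
listener 1883 192.168.1.10
allow_anonymous false
password_file /etc/mosquitto/passwd

# Outbound bridge: A opens the TCP connection to C, so no inbound
# firewall or router rule is needed on A's side.
connection site-a-to-c
address broker-c.example.net:8883

# TLS towards C: verify C's certificate chain and host name.
bridge_cafile /etc/ssl/certs/ca-certificates.crt
bridge_insecure false
bridge_tls_version tlsv1.2

# A authenticates to C with its own account, so C can apply per-site ACLs.
remote_clientid site-a-bridge
remote_username site-a
remote_password CHANGE_ME

# Share only what the other site needs instead of bridging '#'.
# Syntax: topic <pattern> <direction> <qos> <local-prefix> <remote-prefix>
# Local sensors/x is published on C as site-a/sensors/x.
topic sensors/# out 1 "" site-a/
# Remote site-a/commands/x is delivered locally as commands/x.
topic commands/# in 1 "" site-a/
# Use 'both' as the direction for topics that must flow both ways.

# Keep the session on C so QoS 1 messages survive a link outage.
cleansession false
notifications false
try_private true
```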
0

Here are the steps to allow public connections to an MQTT server within a private space (home):

  1. allow port forwarding on your router

    Public port 1883 should be forwarded to private port 1883. The IP address to forward requests on this port should be the IP address of the MQTT server/PC in your home/private network.

  2. Update Mosquitto configuration to allow public listeners

    Add the line "listener 1883 0.0.0.0" under "#listener port-number [ip address/host name]". This will allow requests from any source on port 1883 to be handled by your MQTT server.

  3. Restart MQTT

I could successfully open up my MQTT server to public/internet traffic by following the above steps after much trial and error with many different configuration changes.

  • 1
    This is not a good idea, as by your setup you expose unencrypted traffic to the outside world – woodz Jun 12 '20 at 19:06