Mosquitto allow local network access

Mosquitto just updated and broke all of my external connections. I can connect to it from the machine it is running on but not other machines on the local network.

from it’s log file:
1614361328: Starting in local only mode. Connections will only be possible from cl
ients running on this machine.
1614361328: Create a configuration file which defines a listener to allow remote a
ccess.
1614361328: Opening ipv4 listen socket on port 1883.
1614361328: Opening ipv6 listen socket on port 1883.

I have not found the configuration setting for mosquitto to allow access from my local network.
to whit: “Create a configuration file which defines a listener to allow remote a
ccess.”

How do I turn off local only mode?

any pointers?

I got below from post on stack overflow

Starting with the release of Mosquitto version 2.0.0 (you are running v2.0.2) the default config will only bind to localhost as a move to a more secure default posture.

If you want to be able to access the broker from other machines you will need to explicitly edit the config files to either add a new listener that binds to the external IP address (or 0.0.0.0) or add a bind entry for the default listener.

More details can be found in the 2.0 release notes here

2 Likes
listener 1883 0.0.0.0

in mosquitto.conf

2 Likes

I also had to add allow anonymous true to get it to work

listener 1883 0.0.0.0
allow_anonymous true

THANK You all

Different topics: You allow access by anyone from anywhere, i require valid username/password combinations.

I am currently trying to restrict mosquitto to the subnet 192.168.1.0/24 but that is erroring out

listener 1883 192.168.1.0/24 does not work

Suggestions on how to limit mosquitto to a subnet?
TIA

next: I will have to reprogram all of my mqtt IOT devices to use a secure login.

Looking through the mosquitto docs I don’t see a way to filter subnets. The closest thing I found was that you can use a config like

listener 1883
bind_interface eth0

And then use your firewall to set up rules about the traffic coming in on that port to limit it to the same subnet.

Hello All, reading this to try and solve my issue and wondered if anyone could possibly help.

I have a sonoff s26 switch flashed with Tasmota and I’m trying to get it to connect to mosquitto over the LAN.

I set Listener as suggested and changed allow_anonymous true but the tasmota is still giving me an RC-2 error. I have two switches on different firmware and the other is giving me an RC -5 error which I’m guessing is the same issue.

17:10:57 MQT: Connect failed to 192.168.0.61:1883, rc -2. Retry in 10 sec
17:06:21.246 MQT: Connect failed to 192.168.0.61:1883, rc -2. Retry in 70 sec

Hopefully I’m being really thick and missing something obvious.

Thanks

This is the mosquitto_config file that I changed the Listener.

You probably already figured it out, but have you tried adding an inbound rule to open port 1883 in the firewall settings?