Mosquitto allow local network access

Mosquitto just updated and broke all of my external connections. I can connect to it from the machine it is running on but not other machines on the local network.

From its log file:
1614361328: Starting in local only mode. Connections will only be possible from clients running on this machine.
1614361328: Create a configuration file which defines a listener to allow remote access.
1614361328: Opening ipv4 listen socket on port 1883.
1614361328: Opening ipv6 listen socket on port 1883.

I have not found the configuration setting for mosquitto to allow access from my local network.
To wit: “Create a configuration file which defines a listener to allow remote access.”

How do I turn off local only mode?

Any pointers?

I got the below from a post on Stack Overflow:

Starting with the release of Mosquitto version 2.0.0 (you are running v2.0.2) the default config will only bind to localhost as a move to a more secure default posture.

If you want to be able to access the broker from other machines you will need to explicitly edit the config files to either add a new listener that binds to the external IP address (or 0.0.0.0) or add a bind entry for the default listener.

More details can be found in the 2.0 release notes here

3 Likes
listener 1883 0.0.0.0

in mosquitto.conf

3 Likes

I also had to add allow anonymous true to get it to work

listener 1883 0.0.0.0
allow_anonymous true

THANK You all

Different topics: You allow access by anyone from anywhere, I require valid username/password combinations.

I am currently trying to restrict mosquitto to the subnet 192.168.1.0/24 but that is erroring out

listener 1883 192.168.1.0/24 does not work

Suggestions on how to limit mosquitto to a subnet?
TIA

next: I will have to reprogram all of my mqtt IOT devices to use a secure login.

1 Like

Looking through the mosquitto docs I don’t see a way to filter subnets. The closest thing I found was that you can use a config like

listener 1883
bind_interface eth0

And then use your firewall to set up rules about the traffic coming in on that port to limit it to the same subnet.

1 Like
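The listener, allow_anonymous and subnet points discussed so far can be checked mechanically. The sketch below is an added example, not code from any poster or from the Mosquitto project. It assumes Mosquitto 2.x semantics with global (not per-listener) settings; the sample configs and the 192.168.1.10 host address are constructed.

```python
import ipaddress

# Constructed sample configs mirroring the snippets posted in this thread.
OPEN_CONF = "listener 1883 0.0.0.0\nallow_anonymous true\n"
CIDR_CONF = "listener 1883 192.168.1.0/24\n"
AUTH_CONF = ("listener 1883 192.168.1.10\n"      # hypothetical host address
             "allow_anonymous false\n"
             "password_file /mosquitto/config/passwd\n")


def is_loopback(addr):
    """True only when the bind address is clearly the local machine."""
    if addr == "localhost":
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # empty (all interfaces) or a hostname


def audit(conf_text):
    """Return (code, detail) findings, assuming Mosquitto 2.x global settings."""
    listeners, opts = [], {}
    for raw in conf_text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0] == "listener" and len(parts) > 1:
            listeners.append((parts[1], parts[2] if len(parts) > 2 else ""))
        else:
            opts[parts[0]] = " ".join(parts[1:])

    if not listeners:
        return [("LOCAL_ONLY", "no listener defined: loopback only")]
    findings = []
    # Once a listener is defined, 2.x treats allow_anonymous as false by default.
    anonymous = opts.get("allow_anonymous", "false") == "true"
    for port, addr in listeners:
        if "/" in addr:
            findings.append(("CIDR_BIND", f"{addr} is a subnet, not an address to "
                             "bind; bind a host IP and filter in the firewall"))
        elif anonymous and not is_loopback(addr):
            findings.append(("ANON_EXPOSED", f"port {port} accepts clients "
                             "without credentials beyond loopback"))
    if not anonymous and "password_file" not in opts:
        findings.append(("NO_CREDENTIALS", "anonymous access is off and no "
                         "password_file is set"))
    return findings


if __name__ == "__main__":
    for name in ("OPEN_CONF", "CIDR_CONF", "AUTH_CONF"):
        print(name, audit(globals()[name]))
```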

Hello All, reading this to try and solve my issue and wondered if anyone could possibly help.

I have a sonoff s26 switch flashed with Tasmota and I’m trying to get it to connect to mosquitto over the LAN.

I set Listener as suggested and changed allow_anonymous true but the tasmota is still giving me an RC-2 error. I have two switches on different firmware and the other is giving me an RC -5 error which I’m guessing is the same issue.

17:10:57 MQT: Connect failed to 192.168.0.61:1883, rc -2. Retry in 10 sec
17:06:21.246 MQT: Connect failed to 192.168.0.61:1883, rc -2. Retry in 70 sec

Hopefully I’m being really thick and missing something obvious.

Thanks

This is the mosquitto_config file that I changed the Listener.

You probably already figured it out, but have you tried adding an inbound rule to open port 1883 in the firewall settings?

I am trying to get Mosquitto exposed to my LAN, but cannot get it working. My HA runs on HA-OS and I’ve added this config to a custom .conf file:

listener 1882 0.0.0.0
allow_anonymous true

In the logs I can see the listener is started, still the port is not reachable. Probably because a port exposure of the add-on Docker container is needed. Can anyone help?

Did you change the port intentionally, because usually it’s 1883 for non-TLS MQTT?

I currently assemble a project to start an HA Container-based stack from scratch, incl. MQTT and Zigbee2MQTT. From the docker-compose file in my Github repository, here’s an excerpt to start Eclipse Mosquitto for anonymous access. The Mosquitto image comes with an appropriate configuration for this:

  mosquitto:
    command: "mosquitto -c /mosquitto-no-auth.conf"
    container_name: mosquitto
    environment:
      - TZ
    image: eclipse-mosquitto:2.0
    expose:
      - 1883
      - 9001
    restart: always
    volumes:
      - "./mosquitto-data:/mosquitto"

You would need to change the “expose” statement to a “ports” statement, if Home Assistant and Mosquitto are not on the same network.

If I change it to listener 1883 0.0.0.0, Mosquitto won’t start, with Error: Address already in use

You need to find out what is running on port 1883. I guess another MQTT service, maybe from a HA Add-On.

There might be some bug with eclipse-mosquitto v2 … I tried all the suggestions from you but still did not manage to make it work (without allowing anonymous access).

So I decided to use mosquitto version 1.6 and it works! Here are my configs

docker-compose.yml

services:
  mosquitto:
    container_name: mqtt
    image: eclipse-mosquitto:1.6
    volumes:
      - /home/<user+path>/mosquitto/config:/config
      - /home/<user+path>/mosquitto/data:/data
      - /home/<user+path>/mosquitto/log:/log
      - /etc/localtime:/etc/localtime:ro
    ports:
      - 1883:1883
      - 9001:9001

mosquitto.conf

listener 1883 0.0.0.0
persistence true
persistence_location /mosquitto/data/
log_dest file /mosquitto/log/mosquitto.log
allow_anonymous false
password_file /mosquitto/config/passwd
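The compose file above mounts the host directories at /config, /data and /log, while the mosquitto.conf refers to paths under /mosquitto/. The following is an added check, not the poster's code, that lists the container paths not backed by any mount; it assumes the eclipse-mosquitto image loads its configuration from /mosquitto/config/mosquitto.conf.

```python
import posixpath

# Constructed from the docker-compose.yml and mosquitto.conf in the post above
# (<user+path> is the post's own placeholder).
VOLUMES = [
    "/home/<user+path>/mosquitto/config:/config",
    "/home/<user+path>/mosquitto/data:/data",
    "/home/<user+path>/mosquitto/log:/log",
    "/etc/localtime:/etc/localtime:ro",
]
CONF = """\
listener 1883 0.0.0.0
persistence true
persistence_location /mosquitto/data/
log_dest file /mosquitto/log/mosquitto.log
allow_anonymous false
password_file /mosquitto/config/passwd
"""
# Assumption: the image starts the broker with -c pointing at this file.
IMAGE_CONF = "/mosquitto/config/mosquitto.conf"
PATH_OPTIONS = {"persistence_location", "log_dest", "password_file"}


def container_targets(volumes):
    """Container-side path of each 'host:container[:mode]' volume entry."""
    return [posixpath.normpath(v.split(":")[1]) for v in volumes]


def referenced_paths(conf_text):
    """Absolute paths that the config expects to exist inside the container."""
    paths = []
    for line in conf_text.splitlines():
        parts = line.split()
        if len(parts) > 1 and parts[0] in PATH_OPTIONS and parts[-1].startswith("/"):
            paths.append(parts[-1])
    return paths


def unmounted(volumes, conf_text):
    """Paths the broker will use that no volume entry maps to the host."""
    targets = container_targets(volumes)
    def covered(path):
        path = posixpath.normpath(path)
        return any(path == t or path.startswith(t + "/") for t in targets)
    return [p for p in [IMAGE_CONF] + referenced_paths(conf_text) if not covered(p)]


if __name__ == "__main__":
    for path in unmounted(VOLUMES, CONF):
        print("not backed by a host mount:", path)
```

When the image's config path is not covered by a mount, the broker runs on the configuration built into the image rather than the file on the host, so the `allow_anonymous false` and `password_file` lines there are not in effect. Checking the broker log for the config file it actually loaded, and testing a connection without credentials, confirms which case applies.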

Same issue here, tried all options but this solution works. Moving back to version 1.6

Same here. Just version 1.6 works fine

Can anybody tell me how to access the mosquitto.conf file please, I want to add the listener. I’m sure it’s simple but I’m lost. Thanks