[Solved] After upgrade to TOS 6.0 I can't connect from LAN to mosquitto (mqtt) anymore. Firewall issue?

Today I upgraded to TOS 6.0 and now I can’t connect to the MQTT broker I’m running on the Turris Omnia.

Mosquitto is running on the router and I can connect from the Turris via IPv6.

marian@turris /srv/home/marian $ ps ax |grep mos
 4464 ?        S      0:00 mosquitto -c /var/etc/fosquitto.generated.conf
14630 ?        S      0:00 mosquitto -c /etc/mosquitto/mosquitto.conf
marian@turris /srv/home/marian $ mosquitto_sub -h ::0 -t '#' -v
turris/mem/used 405696
turris/mem/available 241788

But the connection via IPv4 is rejected on all LAN clients and also on the router itself.

marian@turris /srv/home/marian $ mosquitto_sub -h 192.168.1.1 -t '#' -v
Error: Connection refused
[marian@txp ~]$ mosquitto_sub -h 192.168.1.1 -t '#' -v
Error: Connection refused

According to lsof, mosquitto is listening on IPv6 and IPv4.

mosquitto 14630                     mosquitto    4u     IPv6      37517        0t0        TCP localhost:1883 (LISTEN)
mosquitto 14630                     mosquitto    5u     IPv4      37518        0t0        TCP localhost:1883 (LISTEN)

When I run mosquitto in verbose mode I can’t see connections from the LAN, but I can see the local connection via IPv6.

root@turris:/tmp# mosquitto --verbose -c /etc/mosquitto/mosquitto.conf
1667373884: The 'bind_address' option is now deprecated and will be removed in a future version. The behaviour will default to true.
1667373884: The 'port' option is now deprecated and will be removed in a future version. Please use 'listener' instead.
1667373884: mosquitto version 2.0.15 starting
1667373884: Config loaded from /etc/mosquitto/mosquitto.conf.
1667373884: Opening ipv6 listen socket on port 1883.
1667373884: Opening ipv4 listen socket on port 1883.
1667373884: mosquitto version 2.0.15 running
1667373943: New connection from ::1:42332 on port 1883.
1667373943: New client connected from ::1:42332 as auto-0E1118BF-67BE-540C-0857-D9837789B4EB (p2, c1, k60).
1667373943: No will message specified.
1667373943: Sending CONNACK to auto-0E1118BF-67BE-540C-0857-D9837789B4EB (0, 0)
1667373943: Received SUBSCRIBE from auto-0E1118BF-67BE-540C-0857-D9837789B4EB
1667373943:     # (QoS 0)
1667373943: auto-0E1118BF-67BE-540C-0857-D9837789B4EB 0 #
1667373943: Sending SUBACK to auto-0E1118BF-67BE-540C-0857-D9837789B4EB

So it seems to be a firewall issue. I’ve added a new rule to the FW, but it didn’t help, even after a router restart.

I can’t find the firewall log. Any help is welcome.

Found it. It is a change in the mosquitto config.
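Added example, not part of the original thread: the lsof lines in the question show both sockets bound to `localhost`, and a loopback-bound listener refuses connections addressed to 192.168.1.1 regardless of firewall rules. The shell function below classifies lsof listener lines so that case can be told apart from a filtering problem; the name `listener_scope` and the constructed sample line are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify who can reach a TCP listener, given lsof-style lines on stdin.
# Prints "loopback-only", "reachable" or "not-listening" for the given port.
listener_scope() {
    awk -v port="$1" '
        $NF == "(LISTEN)" {
            name = $(NF - 1)                      # e.g. localhost:1883, [::1]:1883, *:1883
            n = split(name, parts, ":")
            if (parts[n] != port) next
            addr = substr(name, 1, length(name) - length(parts[n]) - 1)
            found = 1
            # Anything other than a loopback name or address accepts non-local clients.
            if (addr != "localhost" && addr != "[::1]" && addr !~ /^127\./) wide = 1
        }
        END {
            if (!found)    print "not-listening"
            else if (wide) print "reachable"
            else           print "loopback-only"
        }'
}

# The two lsof lines quoted in the question above.
PAGE_LSOF='mosquitto 14630 mosquitto 4u IPv6 37517 0t0 TCP localhost:1883 (LISTEN)
mosquitto 14630 mosquitto 5u IPv4 37518 0t0 TCP localhost:1883 (LISTEN)'

# Constructed sample (not from the thread): a broker bound to one LAN address.
CONSTRUCTED_LSOF='mosquitto 2001 mosquitto 5u IPv4 40001 0t0 TCP 192.168.1.1:1883 (LISTEN)'

printf 'question output: %s\n' "$(printf '%s\n' "$PAGE_LSOF" | listener_scope 1883)"
printf 'constructed:     %s\n' "$(printf '%s\n' "$CONSTRUCTED_LSOF" | listener_scope 1883)"
```

On the router itself the function can be fed live data with `lsof -nP -iTCP -sTCP:LISTEN | listener_scope 1883`; `-n` and `-P` keep addresses and ports numeric.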

