Can the Eclipse mosquitto MQTT broker be used over a LAN? Why does this configuration cause remote connections to time out?

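Is it possible to use the Eclipse mosquitto MQTT broker on a LAN with a lease range of 192.xxx? I believe it is not possible. I offer the following as evidence that this does not work. Hopefully some brave soul will show up and prove me wrong.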

mosquitto is running on the local machine with IP 192.168.2.1 (OS=Linux), and the remote machine is 192.168.2.104 (OS=Win10). It will attempt to publish to the broker but times out.

Contents of mosquitto.conf

user mosquit
listener 8883 0.0.0.0
protocol mqtt
log_dest syslog
log_type all
connection_messages true
log_timestamp true
allow_anonymous false
password_file /etc/mosquitto/plaintext

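Three ssh sessions are established. One to tail the broker's log. One for the subscriber. Another for the publisher. mosquitto_pub and mosquitto_sub run locally, and the payload is delivered correctly. But these are all local communications. We want to publish from the remote *.104 machine. At the very least we would like to see something happen in the log on *.1. A rejection message, something, anything. But all attempts time out. Note the subscriber connected at 57734.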

$ netstat -tp
netstat: showing only processes with your user ID
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.168.2.1:8883        192.168.2.1:57734       ESTABLISHED -
tcp        0      0 192.168.2.1:ssh         192.168.2.104:51723     ESTABLISHED -
tcp        0      0 192.168.2.1:57734       192.168.2.1:8883        ESTABLISHED 4365/mosquitto_sub
tcp        0      0 192.168.2.1:ssh         192.168.2.104:51569     ESTABLISHED -
tcp        0    140 192.168.2.1:ssh         192.168.2.104:51765     ESTABLISHED -

The listener appears on port 8883

$ netstat -tulpn
netstat: showing only processes with your user ID
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:8883            0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      -
tcp        0      0 :::53                   :::*                    LISTEN      -
tcp        0      0 :::22                   :::*                    LISTEN      -
tcp        0      0 :::443                  :::*                    LISTEN      -
udp        0      0 0.0.0.0:53              0.0.0.0:*                           -
udp        0      0 0.0.0.0:67              0.0.0.0:*                           -
udp        0      0 :::53                   :::*  

The firewall on Linux *.1 is set to allow 8883 and 1883 via a whitelist.

~# iptables -L
Chain TRUSTED_IP_INPUT (1 references)
target     prot opt source               destination
RETURN     tcp  --  anywhere             anywhere             source IP range 192.168.2.102-192.168.2.106 tcp dpt:1883
RETURN     udp  --  anywhere             anywhere             source IP range 192.168.2.102-192.168.2.106 udp dpt:1883
RETURN     tcp  --  anywhere             anywhere             source IP range 192.168.2.102-192.168.2.106 tcp dpt:8883
RETURN     udp  --  anywhere             anywhere             source IP range 192.168.2.102-192.168.2.106 udp dpt:8883
DROP       all  --  anywhere             anywhere             state NEW
-

The firewall on the remote machine *.104 is completely disabled.

Win10 system firewall turned off

Successful local pubs and subs appear in /var/log/mosquitto.log

2022-09-22T18:33:11.758357-04:00 mtcap mosquitto[4091]: New connection from 192.168.2.1 on port 8883.
2022-09-22T18:33:11.764226-04:00 mtcap mosquitto[4091]: New client connected from 192.168.2.1 as mosq-uQu5OKrc9nYuqKEN8A (p2, c1, k60, u'bridgechirp').
2022-09-22T18:33:11.766554-04:00 mtcap mosquitto[4091]: No will message specified.
2022-09-22T18:33:11.766982-04:00 mtcap mosquitto[4091]: Sending CONNACK to mosq-uQu5OKrc9nYuqKEN8A (0, 0)
2022-09-22T18:33:11.780655-04:00 mtcap mosquitto[4091]: Received PUBLISH from mosq-uQu5OKrc9nYuqKEN8A (d0, q0, r0, m0, 'newsEvent', ... (11 bytes))
2022-09-22T18:33:11.781235-04:00 mtcap mosquitto[4091]: Sending PUBLISH to mosq-eoozTCsMlL1dIFDkoM (d0, q0, r0, m0, 'newsEvent', ... (11 bytes))
2022-09-22T18:33:11.788082-04:00 mtcap mosquitto[4091]: Received DISCONNECT from mosq-uQu5OKrc9nYuqKEN8A
2022-09-22T18:33:11.789566-04:00 mtcap mosquitto[4091]: Client mosq-uQu5OKrc9nYuqKEN8A disconnected.

The remote *.104 machine attempts to connect to Linux *.1 over port 443 and succeeds,

PS C:\BROKER> $connection = New-Object System.Net.Sockets.TcpClient("192.168.2.1", "443")
PS C:\BROKER> echo $connection.Connected
True

The remote machine *.104 runs telnet via Cygwin. Telnet into Linux *.1 port 22 responds correctly,

$ telnet
telnet> open 192.168.2.1 22
Trying 192.168.2.1...
Connected to 192.168.2.1.
Escape character is '^]'.
SSH-2.0-OpenSSH_8.4

Telnet over 8883 fails.

$ telnet
telnet> open 192.168.2.1 8883
Trying 192.168.2.1...
telnet: Unable to connect to remote host: Connection timed out
telnet>

TcpClient() into port 8883 fails.

$connection = New-Object System.Net.Sockets.TcpClient("192.168.2.1", "8883")
New-Object : Exception calling ".ctor" with "2" argument(s): "A connection attempt failed because the connected party did not
properly respond after a period of time, or established connection failed because connected host has failed to respond
192.168.2.1:8883"

Publishing from remote *.104 to local *.1 times out.

PS C:\BROKER\mosquitto> .\mosquitto_pub.exe -h 192.168.2.1 -p 8883 -t newsEvent -m "opti Payload"  -u redacted -P redacted
Error: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.

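All of the above was also attempted using port 1883. In the mosquitto.conf configuration file, I tried replacing user mosquit with user myUser, where myUser is the logged-in user running the broker. None of these changes fixed the problem. I tried contacting the developers at Eclipse through their forum but did not get any reply.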
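
Added example, not part of the original post: a first-match walk over the TRUSTED_IP_INPUT rules exactly as listed above, for checking what that chain alone decides for a given packet. In iptables a RETURN target hands the packet back to the calling chain rather than accepting it, and the calling chain is not shown in the post, so a RETURN result here is not a final verdict. The helper names `parse_rule` and `chain_verdict` are hypothetical.

```python
import ipaddress
import re

# Rule lines copied from the TRUSTED_IP_INPUT listing in the post (iptables -L format).
CHAIN_LISTING = """\
RETURN     tcp  --  anywhere             anywhere             source IP range 192.168.2.102-192.168.2.106 tcp dpt:1883
RETURN     udp  --  anywhere             anywhere             source IP range 192.168.2.102-192.168.2.106 udp dpt:1883
RETURN     tcp  --  anywhere             anywhere             source IP range 192.168.2.102-192.168.2.106 tcp dpt:8883
RETURN     udp  --  anywhere             anywhere             source IP range 192.168.2.102-192.168.2.106 udp dpt:8883
DROP       all  --  anywhere             anywhere             state NEW
"""

def parse_rule(line):
    """Parse one `iptables -L` rule line into its match criteria."""
    target, proto = line.split()[:2]
    rng = re.search(r"source IP range (\S+)-(\S+)", line)
    dpt = re.search(r"dpt:(\d+)", line)
    return {
        "target": target,
        "proto": proto,
        "src": tuple(ipaddress.ip_address(a) for a in rng.groups()) if rng else None,
        "dport": int(dpt.group(1)) if dpt else None,
        "new_only": "state NEW" in line,
    }

def chain_verdict(rules, src, proto, dport, new=True):
    """Return (rule_number, target) for the first matching rule.

    Falling off the end of a user-defined chain behaves like RETURN:
    the packet goes back to the calling chain, which decides its fate.
    """
    ip = ipaddress.ip_address(src)
    for n, r in enumerate(rules, 1):
        if r["proto"] not in ("all", proto):
            continue
        if r["src"] and not (r["src"][0] <= ip <= r["src"][1]):
            continue
        if r["dport"] is not None and r["dport"] != dport:
            continue
        if r["new_only"] and not new:
            continue
        return n, r["target"]
    return None, "RETURN"

RULES = [parse_rule(l) for l in CHAIN_LISTING.splitlines() if l.strip()]

if __name__ == "__main__":
    for src, port in [("192.168.2.104", 8883), ("192.168.2.104", 1883), ("192.168.2.110", 8883)]:
        print(src, port, chain_verdict(RULES, src, "tcp", port))
```

To see the rules that run after a RETURN, list the full ruleset with `iptables -S` or `iptables -L -n -v --line-numbers` and follow the chain that references TRUSTED_IP_INPUT.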
