
Can I use any other port than the default for MQTT with TLS-authentication?

I have set up a Mosquitto broker on my Raspberry Pi, which I have running on my local network. I've tested this locally using the paho-mqtt package in Python, which is working; however, I want to access this broker remotely (outside my local network).

From what I understand, the safest way to do this is to use TLS authentication and configure Mosquitto to listen on port 8883, rather than opening the unencrypted port 1883, where login credentials can be sniffed. This is where my problems start, as I suspect my ISP doesn't allow forwarding port 8883 to the (static) IP address of my RPi. (The port won't open no matter what I try, and I've tried googling this specific issue.)

So my question is: is it possible to use a port other than the default 1883 or 8883 (one which my ISP hopefully allows to be opened) for accessing my locally hosted Mosquitto broker? For example, one of the higher-numbered ports, which I understand are not reserved for anything. I'm imagining connecting to the broker using my external IP address with this port (xxx.xxx.xxx.xxx:yyyyy) and either tunneling this data to port 8883 on the local network, or configuring Mosquitto to listen on the selected port. Any tips on how I can solve this issue?

You can use any ports you want (or that your operating system will permit). MQTT uses certain ports by convention but is not restricted to using those ports. You're even welcome to encrypt on port 1883 if you want.

You'll need to do four things:

  1. write the listener configuration directive correctly to use the port you want to use and make sure that you're listening on 0.0.0.0 in order to listen on all network interfaces, or the IP address of a specific network interface to listen on.
  2. correctly configure encryption after the listener directive
  3. ensure that the port you chose is accessible through any firewall your server may be running
  4. properly configure any clients to use the port you configured and work with the encryption you configured

If you want to make it accessible over the Internet you'll need to open a port on your router as well.

If you do make it accessible over the Internet, please require authentication. Encryption won't stop strangers from connecting to your broker, it will just stop eavesdropping on them. Turn off allow_anonymous and set up some Mosquitto accounts.
