We have upgraded the community system as part of the upgrade a password reset is required for all users before login in.

mosquitto_pub -> Error: Connection refused



  • Hello, I carefully followed the instructions of Paul Cousins in his excellent article "Industrial Machine Monitor Update" but when I tried to execute the command mosquito_pub -t <necessary parameters> but I get the error "Connection refuse"

    Any ideas to overcome this problem?

    Thanks in advance

    Industrial Machine Monitor Update



  • I see that Onion's support is not very good, at least not with me.

    Ok, I tried to solve this "conection refused" issue and try to solve something that I guess the Onion staff can answer in 1 minute if it mattered.

    I had to put myself inside the LEDE

    I share the following to help other users

    Starting from the premise that the problem is that port 8883 is closed, I had to investigate the following.

    NETSTAT
    IPTABLES
    FIREWALL

    Is port 8883 closed? How to know?

    The recommendation is to try to connect with telnet with aws, but Omega2 does not have telnet, so from another computer on the same LAN I executed these commands:

    ~ $ telnet xxxxxxxxxxxxx.iot.us-east-1.amazonaws.com 8883
    Trying 52.44.113.236 ...
    Connected to dualstack.iotmoonraker-u-elb-1bkszq0bvnbyv-1001897703.us-east-1.elb.amazonaws.com.
    Escape character is '^]'.
    xxxxxxxxxxx.iot.us-east-1.amazonaws.com ^ [[A ^ [[B
    Connection closed by foreign host.

    This means that my LAN has access to port 8883 in AWS, it's not my AP's problem.

    Now from that same machine I executed this command:

    ~ $ nc -zv omega-xxxx.local 8883
    nc: connect to omega-xxxx.local port 8883 (tcp) failed: Connection refused

    Now from the Omega2 command line I tried this command

    root @ Omega-xxxx: #nc localhost 8883
    nc: cant connect to remote host (127.0.0.1): conection refused

    So yes, the port is closed in my Omega2......



  • Now that I know that port 8883 is closed (by the way port tcp 8883 is the one used by AWS IOT for MTTQ communication with AWS IOT) I have tried to open that port.

    After searching the Internet on this topic I followed these actions.

    cat / proc / sys / net / ipv4 / ip_local_port_range

    32000 64000

    echo 1024 65535> / proc / sys / net / ipv4 / ip_local_port_range

    This instruction increases the number of available ports.

    Then I edited the file "/ etc / config / firewall" and added the following rule

    config rule
    option name "Mosquito AWS IOT"
    option src ''
    option dest '
    '
    option scr_port '8883'
    option dest_port '8883'
    option proto 'tcp'
    option target 'ACCEPT'

    Then I wrote the command

    /etc/init.d/firewall restart

    Then I rebooted Omega2 to make sure the new rule was activated

    reboot

    Then I checked if the new rule is in the iptables

    iptables -L | grep 8883

    ACCEPT tcp - anywhere anywhere tcp spt: 8883 dpt: 8883 / *! Fw3: Mosquitto AWS IOW * /

    So it seems that the matter is resolved but in trying to execute

    #mosquitto_sub [required parameters]
    i got
    error: Conection Refused

    What's wrong? I'd appreciate a technical support response.



  • @Virgilio-Enrique-Aray-Arteaga said in mosquitto_pub -> Error: Connection refused:

    > # iptables -L | grep 8883
    > ACCEPT tcp - anywhere anywhere tcp spt: 8883 dpt: 8883 / *! Fw3: Mosquitto AWS IOW * /
    

    Unless you are certain that your tcp client application is communicating from port 8883, I would suggest that you remove the source port restriction on port 8883 and allow any source port to destination 8883.
    Sorry, I didn't read your post properly and so didn't clearly understand your problem.

    It seems you are trying to connect to your O2 on port 8883.
    Are you sure there is something listening on that port on your O2?

    # netstat -tnap | grep 8883
    tcp        0      0 0.0.0.0:8883              0.0.0.0:*               LISTEN      1037/athing
    

    If there is nothing listening, then the port will definitely be closed.

    But then again, shouldn't the communication be outbound from your O2 to amazon and not inbound to your O2?



  • Hello @cas

    Thanks for answering, the tcp 8883 port is used by amazon web services to access its IoT implementation through the MQTT protocol.

    I installed the Mosquitto MQTT tools on my Omega2 device.

    I did this to emulate Paul Cousins' project:

    "Connecting your Omega to AWS IoT with a Single Command"

    https://onion.io/2bt-february-13-2018/?utm_source=newsletter&utm_medium=email&utm_content=2-bullet-tuesday&utm_campaign=2-bullet-tuesday

    I followed all the instructions carefully but when I run the mosquitto_sub or mosquito_pub commands with the appropriate parameters I get the answer

    "Connection refused"

    Studying a bit I see that this protocol uses port 8883 to communicate with the AWA server as well as WWW servers use port 80, based on what I have researched I assume the problem is that my Omega 2 has by default blocked the port 8883, I can not think of anything else.



  • @cas said in mosquitto_pub -> Error: Connection refused:

    But then again, shouldn't the communication be outbound from your O2 to amazon and not inbound to your O2?

    Yes, the rule that I wrote in the firewall should allow the entry and exit traffic through port 8883.



  • I have to apologize, it seems that all the problem was that I transferred the certificates as a text files, although they seemed to be complete I decided to transmit them again in a compressed file (gz) to the Omega2, then I unzipped them and re-executed the installation and now it worked , I was wrong the problem was not ports but the validity of the files: certificate.pem.crt and private.pem.key.



  • @Virgilio-Enrique-Aray-Arteaga
    Ok, glad it's working.
    Since the problem was not related to the firewall, I'd suggest that you remove that rule so it doesn't cause you any accidental problems in the future. šŸ™‚



  • Apologies, I know this is an old thread but I have followed Paul Cousins instructions too and also have the "Connection refused" Error. I have tried to check that I have put the certificates over in a couple of different ways but as I am downloading them from Amazon to a mac and then uploading them to the onion, I'm not sure how I could be disturbing them.

    I have looked for others having this problem and I don't see anyone so I'm really confused to know what I might be doing wrong.

    Any chance you can say any more about why reinstalling the certificates worked for you?

    Many thanks

    Robin


Log in to reply
 

Looks like your connection to Community was lost, please wait while we try to reconnect.