Connecting to MQTT broker (Mosquitto) installed on a Raspberry Pi over the Internet

Question

I am planning to create a very simple home\office monitoring system, where I will be able to connect sensors using Mosquitto broker on a Raspberry Pi. The sensors will publish data to the broker and I will be able to see the data as a subscriber.

I have a publisher that periodically publishes messages to the Raspberry Pi (Mosquitto broker) in the house in the same LAN network. But I want to connect a sensor that will be located at my office to the same broker, so the connection can't be except online.

The problem that I am facing at the moment is that I want to connect a sensor to the Raspberry Pi but I need to do it over the Internet given the limitations of hardware. How do I connect the sensor to publish to the broker that resides in the Raspberry Pi from outside the LAN network? I just checked and my public IP address could have thousands of addresses underneath it, how do I know which one is me and connect to it?!

Answer 1

Somewhat depends on your home network. If your ISP uses so called "Carrier Grade NAT" which is increasingly common due to the fact that few IPv4 addresses are now available, you cannot make a connection from the Internet to your local network.

Otherwise you can make a connection inwards and so your remote sensor just needs a TCP/IP connection. We would need more information on the sensor to show you how to do that. To find your public IP address, you visit https://www.whatismyip.com/ from a computer on your local network. (To find out if you are stuck with carrier grade nat, ask your ISP or do a reverse lookup on your public IP address, you may be able to tell). You will also need to configure the firewall on your router so that it allows inbound connections to a PORT that you choose (on the outside) and map that to the internal IP address of the Pi and the port configured on Mosquitto for handling MQTT traffic.

For carrier grade NAT or if you cannot configure your router's firewall to allow incoming connections, you should use another MQTT broker on the Internet somewhere. Then configure your Pi broker to bridge to the Internet broker.

The Owntracks documentation has a quick tutorial. There is also information in the Mosquitto documentation on how to do this.

In this case, your Pi broker is making a connection out to the internet which works fine on any WAN if you are not excessively blocking outgoing traffic.

In either case, do not forget that any traffic over the Internet is insecure. You will need to set up SSL certificates along with a username/password combination to secure the traffic.

Answer 2

Easy!

• Just add a port forwarding (in your local router 192.168.x.x) to your raspberrPi ip and MQTT (usually port 1883).
• Then your sensor should be connected to internet and send a topic/payload to your public IP address at home...

I do this for android apps - owntrack - juiceSSH - raspicheck - myMQTT - openHAB - Yatse (For Kodi remote)

But do not forget when you open a port you will need to secure it access somehow... and your public i.p. can be automatically change by your ISP (InternetServiceProvider)