Firewall ports

PostPosted: Fri Oct 07, 2022 6:50 am
by roquej
I have all my IoT devices on a separate VLAN. The MQTT broker is on the main VLAN. A rule in the firewall allows devices in the IoT VLAN to use port 1883 to communicate with the broker.

The above works for everything except the Shelly-1 relay using the ShellyMQTT. I know something is funky because when I open all ports between the Shelly-1 and the MQTT broker, the topics in MQTT Explorer are different from when I just opened 1883, AND the relay works to perfection.

Hence, the questions. What are all the ports needed between Shelly-1 and the MQTT Broker?

Thank you,

JP

Re: Firewall ports

PostPosted: Sat Oct 08, 2022 12:00 pm
by aaronlionsheep
1883 should be the only port required if all you want is MQTT. You'd obviously need port 80 for HTTP into the device from outside your VLAN.

I'm assuming since you are using VLANs that you are well versed in the area, but have you actually tested to see if your rules are working as expected? Do you have another device that you can connect to your IoT VLAN and attempt to connect to the broker over 1883?

Re: Firewall ports

PostPosted: Sat Oct 08, 2022 6:43 pm
by roquej
Yes, I am fairly familiar with complex network configurations, which is why this is strange. I have dozens of devices across multiple VLANs without issues, and I use Node-RED and MQTT to automate my Trane thermostat, iAqualink pool controller, and others back to Indigo.

The firewall rule for this problem is easy.
- the rule that works: Shelly devices to MQTT Controller - allow all ports
- the rule that DOESN'T work: Shelly devices to MQTT Controller - allow port 1883 only

As you can see, the only difference is the port number, hence my question. Port 80 is not an issue because you can't use Cloud with Shelly devices and simultaneously use MQTT.

A puzzle. I will have to break out Wireshark and see what's going on.

JP

Re: Firewall ports

PostPosted: Sun Oct 09, 2022 1:50 am
by tazswe
roquej wrote:
I have all my IoT devices on a separate VLAN. The MQTT broker is on the main VLAN. A rule in the firewall allows devices in the IoT VLAN to use port 1883 to communicate with the broker.

The above works for everything except the Shelly-1 relay using the ShellyMQTT. I know something is funky because when I open all ports between the Shelly-1 and the MQTT broker, the topics in MQTT Explorer are different from when I just opened 1883, AND the relay works to perfection.

Hence, the questions. What are all the ports needed between Shelly-1 and the MQTT Broker?

Thank you,

JP
What do you mean with "The topics in MQTT are different"?


Re: Firewall ports

PostPosted: Sun Oct 09, 2022 4:24 pm
by roquej
See the difference in the enclosed graphics.

JP

Re: Firewall ports

PostPosted: Sun Oct 09, 2022 4:51 pm
by cuhouse
I have my Shelly devices isolated with an IoT VLAN, also using Ubiquiti. Just have a rule for port 1883 and that is all that is needed.

Do you possibly need to do a rule for each direction with your firewall?

Re: Firewall ports

PostPosted: Sun Oct 09, 2022 7:00 pm
by FlyingDiver
It looks like the only difference is the command topic, which I expect is going the other direction. You need to make sure the firewall port is open both directions.


Re: Firewall ports

PostPosted: Mon Oct 10, 2022 10:23 am
by roquej
I am using a USG-Pro, and the rules mentioned are on the LAN side. Something else is going on. I am going to reset the relay and reconfigure everything again.

I will update the thread.

Thank you to everyone for their suggestions. This is why I love the Indigo community!

JP