Remote Access to MQTT broker behind NAT Router or Firewall over the Internet

MQTT Broker Remote Access over the Internet using SocketXP IoT Cloud Gateway

In this section, we’ll discuss how to securely connect and remotely access a private MQTT Broker located inside your office or home network behind a NAT router or a Firewall over the internet. We’ll use the open source Mosquitto MQTT broker and client for this demo.

Remote access to a private MQTT broker is required when IoT devices and sensors are placed remotely in customer sites or in some remote locations in the open fields to monitor and measure the environmental factors.

Data collected from the sensors needs to be streamed to the MQTT broker so that MQTT subscribers of an MQTT topic could receive the published data for further processing and analysis. MQTT broker and clients follow the pub-sub model.

You can find the instructions to download and install Mosquitto MQTT broker on your private server here.

Let’s see how to setup remote access to an MQTT broker using SocketXP IoT Remote Access Platform.

Setup SocketXP IoT Agent for MQTT Broker Remote Access

You need to download and install a simple SocketXP IoT agent on your IoT devices and the server where your MQTT broker runs. You can find the instructions to download and install SocketXP IoT Agent here.

Next, connect the MQTT Broker with the SocketXP IoT Cloud Gateway using the following command.

Connect IoT devices to the MQTT Broker in IoT Slave Mode

Next, setup SocketXP agent to run in IoT Slave Mode in all your IoT devices (both MQTT subscriber devices and the publisher devices)

Subscribe to a topic

Make your IoT devices to subscribe to a topic they are interested in listening, so that they could take some action like powering ON a bulb. In the following example, the IoT device subscribes to the topic “office/floor1/bulb1”

Note: port 3883 is the local TCP port on which MQTT broker is reachable via the SocketXP agent running in IoT Slave Mode, providing secure TLS tunnel to the MQTT Broker.

Publish to the topic

Now it’s time to publish some message to the topic “office/floor1/bulb1”. Again use the local TCP port 3883 and local host IP address to reach the MQTT Broker via the SocketXP agent running in IoT slave mode.

Check if the subscriber has received the “ON” message sent to the topic.

We see that the “ON” message has been received by the subscriber.

SocketXP eliminates the need to host your MQTT broker in a public cloud infrastructure. You could host the MQTT broker server in-house in a private network behind a NAT router or Firewall. SocketXP IoT Remote Access solution provides simple and secure remote connections to your IoT devices and edge servers.

This article was originally published at:

Ganesh Velrajan is the founder of SocketXP. Learn more about SocketXP Remote Access Solutions at

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store