Firewall – Wake on Lan for Linksys WRT54GS

firewalllinksysrouterwake-on-lan

I have a Linksys router WRT54GS V1 Firmware version 4.71.4. I am having issues getting the router to allow me to use wake on lan over the internet. If I send a magic packet to the local subnet it works fine but if I attempt to do it from the internet I get nothing.

I set the subnet mask of my router to 255.255.255.128. I have enabled port forwarding to UDP port 9 and ip address 192.168.1.127. It sill does not work. Any suggestions?

UPDATE: I have not had a chance to try all the suggestions yet. I will hopefully try it this evening.

UPDATE 2: I was finally able to make this work. I was never able to make the WOL work with the linksys firmware so I had to install DD-WRT. Once it was installed I added a Port Forwarding rule to 192.168.1.255 for UDP ports 7&9.

Best Answer

You need to send the packet to the broadcast address of the network. You can't send it to 192.168.1.127, because the PC is powered off and so this IP is not owned/bounded by him. Set it to 192.168.1.255

Related Solutions

Wake-on-LAN – How to Get It Working

Static ARP is completely unnecessary

You've got the first part right. To get the WOL packet into the network, forward the packet coming from a specific port to the broadcast address of the local network (255.255.255.255) or whatever subnet range you want WOL access to be enabled on.

The Destination MAC address of the packet should be set to ethernet broadcast or FF:FF:FF:FF:FF:FF. The ethernet type of the packet should be 0x0842 (Wake On Lan).

So, where does the MAC of the computer being woken up go?

In the magic packet itself. WOL packets were only really intended to be sent across a local network. They're blind to any protocol above the link layer. To get around this limitation, they broadcast (ethernet broadcast not IP broadcast) to all the computers on the network and each computer reads the magic packet to see if they're the one being called on.

The contents of the magic packet contain 16 copies of the MAC address of the computer being woken up.

The frame structure is as follows:

DA -> SA -> Type -> Magic Packet

Where:

DA = FF:FF:FF:FF:FF:FF
SA = [whatever the source MAC is]
Type = 0x0842
Magic = [The actual destination MAC repeated 16x]

If you want to test that the packets coming across are in the right format, use the following filter in Wireshark:

ether dst FF:FF:FF:FF:FF:FF and ether proto 0x0842

Basically, the WOL application needs to be capable of creating a packet that spoofs the Ethernet Destination address. There are tools online that can do such a thing but I'm not familiar with them.

Note: The reason I know so much about this is because I'm the author of the WOL parser for SharpPcap (pcap wrapper in C#). If there is sufficient demand, I could extend my console application to include packet sending (it currently only sniffs) and make it available as an OSS project.

Update: @Evan Anderson made a good point that I forgot to mention. Broadcasting incoming packets on a LAN is generally a bad idea. This solution will work but it's only a hack to circumvent the limitations of the Wake On Lan protocol.

The technique I've outlined will work for any computer on the LAN the way WOL was designed but could potentially open your network up to be used for as an attack (Smurf/Fraggle/Papasmurf) amplifier if someone were to send a specially crafted packet to the WOL port.

Evan Anderson's approach is technically more secure but is limited to unicast.

Iptables – How to forward UDP Wake-on-Lan port to broadcast IP with IPTABLES

# iptables -A PREROUTING -t nat -p udp --dport 6  -d <original destination> -j DNAT --to-destination 192.168.1.255

That will take a WOL packet destined for and reroute it to the broadcast of your network.

Also if you are using a Red Hat derived system you will need to save the iptables entry using

# service iptables save

Best Answer

Related Solutions

Wake-on-LAN – How to Get It Working

Iptables – How to forward UDP Wake-on-Lan port to broadcast IP with IPTABLES

Related Topic