I struggled with this for a little bit, so I figured some others might find it useful. I wanted to get Wake On LAN working across the Internet, and I didn't want to do it through the Tomato GUI. I wanted it to work this way because I have a Web server running on the LAN that friends and family access infrequently, and I wanted to be able to power off my computer and still let them have access to my Web server. My solution was a CGI script hosted elsewhere that sent a magic packet to my router which then forwarded it to the Web server on my LAN. It didn't work. :thumbdown: The problem is that when your computer is powered off it doesn't have an IP address, so there's no address to forward the packet to. WOL requires that the magic packet be broadcast to the entire LAN's subnet, but iptables and Tomato won't let you forward packets to a broadcast address. I thought I was doomed. But wait! What about creating a static ARP entry with a bogus IP address? It works!!!! Here is the command I entered at the Tomato SSH prompt: Code: ip neighbor add 192.168.1.254 lladdr ff:ff:ff:ff:ff:ff dev br0 nud permanent This fools Tomato into thinking there is a machine on the LAN with the IP address 192.168.1.254 with a MAC address of ff:ff:ff:ff:ff:ff. That is a special MAC address - a broadcast address. So, then I set up a port forwarding rule to forward UDP packets on port 9 to 192.168.1.254 which causes Tomato to send out a broadcast. It works beautifully. So, to recap: 1) Create a permanent ARP entry with the following command at the Tomato SSH command line: Code: ip neighbor add 192.168.1.254 lladdr ff:ff:ff:ff:ff:ff dev br0 nud permanent 2) Create a port forwarding rule to forward UDP packets on port 9 to 192.168.1.254. 3) Use whatever WOL utility you have to send WOL packets to Tomato's WAN IP using UDP packets on port 9 (remembering that you have to know the LAN machine's MAC address). Hope that helps.