
Wake On LAN UDP forwarding to LAN Broadcast address?

Discussion in 'Sveasoft Firmware' started by Hubasan, Jan 24, 2005.

  1. Hubasan

    Hubasan Network Guru Member

    Hi all,

    I have a WRT54GS router with Sveasoft firmware.

    What I'm trying to do is to forward a UDP packet coming from the internet to the broadcast address on my local LAN in order to wake my computer up, but this doesn't seem to work.
    I have telnetted to my router and listed the iptables FORWARD chain and the rule is there, but it seems like the firewall is dropping anything that is going to the broadcast address by default??? I was unable to find that rule. I'm probably blind, and it's there somewhere.
    By the way, before I bought this WRT54GS I had a regular BEFSR41 that was able to do this without a problem.
    FYI I'm trying to wake my comp up with www.dslreports.com/wakeup java script.

    Any ideas guys? All help is really appreciated, thanks.
     
  2. cat101

    cat101 Network Guru Member

    I'm also trying to do the same but under the HyperWRT 2.0b4 firmware. So far I have tried adding the following line to the firewall script with no luck (more details here)

    iptables -t nat -I PREROUTING 4 -p udp -i vlan1 --dport 9 -j DNAT --to-destination 192.168.1.255:9

    I've also observed that doing a broadcast ping to the internal network only triggers responses from the router itself.

    I've read that the newest Sveasoft firmware (Alchemy) supports this, but I'm trying to stay on HyperWRT.

    Cat101
     
  3. Hubasan

    Hubasan Network Guru Member

    Hi cat101,
    Thanks for your response... Since I made this post of mine I have done some research and found several interesting things.
    One of them is when I telnet to the router, and do "iptables -t NAT -L --line-numbers" it gives me a nat table listing, but there is one interesting piece of information there.
    POSTROUTING Chain, line 2 reads this:
    <<2 RETURN all -- anywhere anywhere PKTTYPE = broadcast>>
    Now all logic would say that any broadcast traffic coming to this router would be returned. And this certainly is interesting since Sveasoft removed a block that Linksys firmware had on typing .255 in forwarding table.

    Since POSTROUTING chain in NAT table is the last before the traffic hits your computer's network card (since Mangle table is usually empty) this statement is true. I have confirmed this by capturing packets incoming to my network card with Ethereal and could not see the UDP packet that I was sending from dslreports.
    Funny thing is that when I remove this line and try again, absolutely the same thing happens. Packet stops in the router and never gets to my network card. Link Logger reports that packet was rejected by 192.168.x.255, which is my broadcast address! Why would that be is beyond me.
    Why would Sveasoft or IPTABLES make it so difficult to send traffic to broadcast is also beyond me.
    Maybe we should suggest to Sveasoft that they implement simple Wake On Lan script in their next firmware!?
    Also if you do "ifconfig" on your router do you see BR0 interface that has your broadcast address?

    Did anyone else want to do WOL with this router, and what experiences did you guys have?

    Thanks
     
  4. cat101

    cat101 Network Guru Member

    Hubasan,

    One of them is when I telnet to the router, and do "iptables -t NAT -L --line-numbers" it gives me a nat table listing, but there is one interesting piece of information there.
    POSTROUTING Chain, line 2 reads this:
    <<2 RETURN all -- anywhere anywhere PKTTYPE = broadcast>>


    Mmm, that is not what I get on mine:

    # iptables -t nat -L --line-number
    Chain PREROUTING (policy ACCEPT)
    num target prot opt source destination
    1 DROP all -- anywhere 192.168.1.0/24
    2 DNAT icmp -- anywhere host-xx-xx-xx-xx.yyyyy.net to:192.168.1.1
    3 TRIGGER all -- anywhere host-xx-xx-xx-xx.yyyyy.net TRIGGER type:dnat match:0 relate:0
    4 DNAT all -- anywhere host-xx-xx-xx-xx.yyyyy.net to:192.168.1.2

    Chain POSTROUTING (policy ACCEPT)
    num target prot opt source destination
    1 MASQUERADE all -- anywhere anywhere
    2 MASQUERADE all -- 192.168.1.0/24 192.168.1.0/24

    Chain OUTPUT (policy ACCEPT)
    num target prot opt source destination

    I think this is a result of what features you have enabled.

    Why would Sveasoft or IPTABLES make it so difficult to send traffic to broadcast is also beyond me.
    Maybe we should suggest to Sveasoft that they implement simple Wake On Lan script in their next firmware!?


    I think that we are just missing some rule/config option. I believe I read that on alchemy WOL packets go through. I wish I knew what they have done :).

    Also if you do "ifconfig" on your router do you see BR0 interface that has your broadcast address?
    yes
    br0 Link encap:Ethernet HWaddr 00:12:17:CA:CF:09
    inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
    UP BROADCAST RUNNING PROMISC ALLMULTI MULTICAST MTU:1500 Metric:1
    RX packets:1373985 errors:0 dropped:0 overruns:0 frame:0
    TX packets:1390516 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:208647183 (198.9 Mb) TX bytes:551099187 (525.5 Mb)

    In case you need more inspiration, this page (http://seattlewireless.net/index.cgi/LinksysWrt54g#head-7fd95cefabaabfd927f0184163d0a460b2c86873 ) has a great description of the router's architecture (still I can't solve this problem).

    Please keep me posted if you try something else.

    Cat101
     
  5. lonewolf

    lonewolf Network Guru Member

    Is the firewall enabled? If so, you're also going to need a rule in the FORWARD chain: "iptables -I FORWARD -p udp -d 192.168.1.255 --dport 9 -j ACCEPT"

    /lonewolf
     
  6. cat101

    cat101 Network Guru Member

    I have the "firewall option" disabled and therefore my forward chain has an accept policy.

    Thanks for the comment

    Cat101
     
  7. Hubasan

    Hubasan Network Guru Member

    Lonewolf,

    When you add any forwarding to the router through WEB interface, it creates entries in IPTABLES PREROUTING and FORWARD tables.
    So the answer is yes. I had it in both Prerouting and forward tables but it still didn't work.
    I have then tried to add both entries manually through IPTABLES and forward all UDP traffic to my broadcast address, but no success.

    There is something wrong with forwarding traffic to broadcast address. Maybe because they don't have ETH0 or ETH1 declared to accept broadcast but instead BRIDGE these two connections "they say linux kernel does this, which I'm not sure about" (They call it BR0 = bridge 0) which now is different device, at least when IPTABLES is concerned. I think the problem lies there. IPTABLES is very straightforward FIREWALL and with entries in PREROUTING and FORWARD tables it should work.

    Why it doesn't work in WRT54GS v2.0 I really don't know.

    Anyway thanks for your responses guys.

    Respect
     
  8. dafonda

    dafonda Guest

    bcrelay?

    I've been trying to do this too. I'm running Satori firmware, and I've come across a 'bcrelay' command in sbin, that claims to do just what we want--repeat broadcast packets across interfaces--but I can't seem to get it to work. Has anyone else played with this, or found any documentation for it past the built-in help?

    I tried:

    and
    I tried running it right from the command line, instead of as a daemon. Nothing doing. Although I'm not quite sure what I'm doing or how to test it. All I know is WOL works inside the LAN, but not over WAN. I can use a workaround-- SSH or VNC into my server and wake up the workstations from there, or write a web page to do it for me--or even set up a little VPN and then just use a WOL utility as if I were in the LAN--but all of these are ugly kludges.

    Seems like we should be able to get this working.

    Any ideas on this?
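
A filter for the relay-style workaround discussed in this thread, as an added example that is not part of any post here: instead of passing all UDP port 9 traffic to the LAN broadcast address, it re-broadcasts only well-formed Wake-on-LAN magic packets aimed at an allowlisted MAC. The function names, the allowlist and the sample MAC are assumptions; port 9 and 192.168.1.255 are taken from the thread. It deliberately accepts only payloads that are exactly one magic packet (optionally followed by a 4- or 6-byte password).

```python
import socket

SYNC = b"\xff" * 6            # magic packet preamble
WOL_PORT = 9                  # UDP port used by the rules in this thread
LAN_BCAST = "192.168.1.255"   # LAN broadcast address from the thread

def build_magic_packet(mac: str) -> bytes:
    """Build a magic packet: 6 x 0xFF, then the target MAC repeated 16 times."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("MAC must be 6 bytes")
    return SYNC + raw * 16

def parse_magic_packet(payload: bytes):
    """Return the target MAC ('aa:bb:..') or None if the payload is not
    exactly one magic packet, optionally followed by a 4/6-byte password."""
    if len(payload) not in (102, 106, 108) or payload[:6] != SYNC:
        return None
    mac = payload[6:12]
    if payload[6:102] != mac * 16:   # all 16 repetitions must match
        return None
    return ":".join(f"{b:02x}" for b in mac)

def should_relay(payload: bytes, allowed: set) -> bool:
    """Relay only well-formed packets aimed at a host we expect to wake."""
    mac = parse_magic_packet(payload)
    return mac is not None and mac in allowed

def serve(allowed: set, listen_addr: str = "0.0.0.0") -> None:
    """Receive on UDP 9 and re-broadcast validated packets on the LAN."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind((listen_addr, WOL_PORT))
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tx.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
    while True:
        data, _src = rx.recvfrom(256)
        if should_relay(data, allowed):
            tx.sendto(data, (LAN_BCAST, WOL_PORT))

ALLOWED = {"02:00:00:00:00:01"}   # constructed sample MAC, not from the thread

if __name__ == "__main__":
    serve(ALLOWED)                # binding port 9 normally needs root
```
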
     
