Wake on LAN from outside network (remote via internet)



Hi guys,

This works absolutely fine from inside my network. It also works when I route the packet via my internet IP address from within my network too. However, when I attempt to do it from outside, I can't seem to get this to work and I can verify if the packets are being received using a piece of software called packet sniffer. Again, fine from within, not fine from outside.

My router is set up with the appropriate firewall rules. UDP port 9 redirect to the relevant LAN IP etc.

Additional info: I'm using an iPhone with an app called "iNet WOL"; the app is working fine because, as I've said, it works from within the network.

Anyone got any clues??

Alex


WOL works using broadcast packets, IIRC. Routers, by default, block broadcast traffic. You will likely need to dig into that further. It's obviously configured properly on the machine level, as it works within the LAN, but I think you're going to have a hell of a time getting it to work over the internet.

EDIT: Scratch that, it may be off. How have you configured the PC's firewall, and what OS is destination PC running?


Where you run into trouble with trying to do WOL from across the net is: does your router know the MAC of your machine? You can forward to an IP all day long.. But if your machine has been off for any time at all, the router's ARP table will no longer have the MAC for that IP address.. So it cannot send anything to it.

Normally for routers to allow WOL from outside you would forward to the broadcast IP of your local network; not all routers support this.

So if your local network is, say, 192.168.1.0/24, the broadcast address would be 192.168.1.255.

When your machine is off, it's not going to answer ARPs.. That magic packet has to be sent to the specific MAC.. Are you sure this tool uses UDP 9? Other tools use, for example, 65535 or 2304.

If your router will not allow for forwarding to the broadcast address, then you need to make sure it has the mac in its arp table. Sometimes if the router supports dhcp reservations it will know the mac of the computer and you forward to the computer name in the rules.

Best bet to get wol working from the internet is to have a router that supports doing it. Ie I can vpn into my router, and then just use its builtin feature of wol


Another option is to have some machine on your network you can remote to, to send out the packet on the local network. Doing it from the public net can be hit or miss; as already mentioned, it's possible the port is blocked between where you are and your router.

edit:

If you want to know for sure if the packet is getting to your router, then you would need to be able to sniff traffic on the WAN port of your router. If your router does not support this, then you could always just plug a PC into your cable modem so it has a public IP, then capture with, say, Wireshark -- send the packet from outside and then see if it gets there.. If it gets there, then there is nothing between where you're sending from and your router's WAN port.

Another option would be to put a hub between your router and modem and plug your sniffer into the hub and watch the packets that way.

What specific router do you have?? Also what modem? Lots of times when users have issues with forwarding it's because they are behind a double NAT.. Are you forwarding other traffic that works?? Keep in mind sending packets to some IP from inside your network that you think are being forwarded back is not a valid test, especially with something like magic packets that would be broadcast on your local network.. You say you're sending from your phone -- is this phone on your wireless network?? If so, the packet would be broadcast on your network and would explain why it's working.


> Where you run into trouble with trying to do WOL from across the net is: does your router know the MAC of your machine? You can forward to an IP all day long.. But if your machine has been off for any time at all, the router's ARP table will no longer have the MAC for that IP address.. So it cannot send anything to it.
>
> Normally for routers to allow WOL from outside you would forward to the broadcast IP of your local network; not all routers support this.
>
> So if your local network is, say, 192.168.1.0/24, the broadcast address would be 192.168.1.255.
>
> When your machine is off, it's not going to answer ARPs.. That magic packet has to be sent to the specific MAC.. Are you sure this tool uses UDP 9? Other tools use, for example, 65535 or 2304.

Definitely UDP 9 - it even allows me to specify the port. The address I'm broadcasting to internally is 192.168.2.2 and the router is set to reserve this address for that machine.

> If your router will not allow for forwarding to the broadcast address, then you need to make sure it has the mac in its arp table. Sometimes if the router supports dhcp reservations it will know the mac of the computer and you forward to the computer name in the rules.

Could you be a bit more specific regarding the arp table? I'm not entirely sure what that is. I thought the important thing was that the tool I'm using knows the MAC and just forwards that through the router and the open port.

> Best bet to get wol working from the internet is to have a router that supports doing it. Ie I can vpn into my router, and then just use its builtin feature of wol
>
> Another option is to have some machine on your network you can remote to, to send out the packet on the local network. Doing it from the public net can be hit or miss; as already mentioned, it's possible the port is blocked between where you are and your router.
>
> edit:
>
> If you want to know for sure if the packet is getting to your router, then you would need to be able to sniff traffic on the WAN port of your router. If your router does not support this, then you could always just plug a PC into your cable modem so it has a public IP, then capture with, say, Wireshark -- send the packet from outside and then see if it gets there.. If it gets there, then there is nothing between where you're sending from and your router's WAN port.

It's a combined ADSL router / modem so this is not an option.

> Another option would be to put a hub between your router and modem and plug your sniffer into the hub and watch the packets that way.
>
> What specific router do you have?? Also what modem? Lots of times when users have issues with forwarding it's because they are behind a double NAT.. Are you forwarding other traffic that works?? Keep in mind sending packets to some IP from inside your network that you think are being forwarded back is not a valid test, especially with something like magic packets that would be broadcast on your local network.. You say you're sending from your phone -- is this phone on your wireless network?? If so, the packet would be broadcast on your network and would explain why it's working.

It's strange because if I use my internet IP and am connected to my wireless network it will work. If I am connected to someone else's wireless or the 3G network, it won't. I have a Sagem F@ST 2504 as supplied by my ISP in the UK (Sky). It's terrible really. I did have a Netgear DG834PN which decided to die on me. I would consider buying a new router but with FTTC (VDSL) coming to my area soon I fear it would be a waste in the wake of potential new equipment requirements.

Many thanks for your help by the way for the second time this week :)

I should point out that the tool I have allows me to configure two options for each computer I set up on it. I enter a local IP for local activation and a remote IP for remote activation. It also asks to provide the MAC and the port number, quite simple and straightforward really so I don't think the problem is at that end.


"Could you be a bit more specific regarding the arp table?"

The table that points an IP to the MAC address.

On your computer do an arp -a

    C:\Windows\System32>arp -a

    Interface: 192.168.1.100 --- 0xb
      Internet Address      Physical Address      Type
      192.168.1.97          00-1c-c3-71-6f-d9     dynamic
      192.168.1.98          00-1c-c3-71-72-61     dynamic
      192.168.1.99          00-06-dc-43-ad-78     dynamic
      192.168.1.232         00-22-5f-90-a3-a2     dynamic
      192.168.1.253         00-09-5b-e2-cc-db     dynamic
      192.168.1.255         ff-ff-ff-ff-ff-ff     static
      224.0.0.22            01-00-5e-00-00-16     static
      224.0.0.251           01-00-5e-00-00-fb     static
      224.0.0.252           01-00-5e-00-00-fc     static
      239.255.255.250       01-00-5e-7f-ff-fa     static
      255.255.255.255       ff-ff-ff-ff-ff-ff     static

Your router has the same thing.


Unless your router knows what MAC that IP address is on, it's not going to forward anything normally. Some routers might use their DHCP reservation listing -- some might not.. I am not sure on your router.

Normally for WOL to work from the internet you need to forward to the broadcast address of your internal network.. Can you do that? Change it to .255 vs 192.168.2.2 -- that is not a broadcast address, that is the host's IP.

Change it and see if it works.. But to see if the packets are even getting to your router, you're going to have to capture traffic from the WAN side - if your router will not allow you to do it, then you're going to have to put a computer in place of the router.

Change to the broadcast address for your network, 2.255, and see if that works. Some routers don't like it -- mine does not, for example, and it's a Linux distro.. Forwarding to directed broadcast is not normally a good idea from a security sense - but for WOL from the internet to work you quite often have to do it, unless you can enter a static entry in your ARP table on your router.. With a normal SOHO router I find it unlikely unless it was running some third-party firmware like DD-WRT or something.


Thank you for your help, I am truly grateful - It's people like you that make this forum such a fantastic place to seek out assistance!

I've had a skim through but I've got to head out to work but will have a thorough attempt at everything you've mentioned.

In the meantime I found this: http://www.skyuser.co.uk/forum/technical-discussion/35010-wol-over-internet-solution-sagem-possibly-others.html#post263567

It seems to mention some of the issues you have. It appears the ARP table (which is referred to on my router as "connected devices") is flushed at regular intervals and the solution used was a startup script for any other computer on the network to actively refresh the ARP table using telnet (which, with my ISP custom firmware, mine does not support). What I don't understand is that he appears to be able to get it working when outside the network briefly, and I'm pretty sure I did too when I first set this up. However the packet sniffer utility is still not receiving anything. I have an ADSL modem hanging around somewhere so perhaps if I get the time I'll install it in my PC and run a nice long extension wire to verify it's being received through the WAN - unless you don't see this being necessary after looking at the above thread? I would love to put DD-WRT on it and I've looked into it before but it doesn't appear to be supported by my router.


They are not issues I have ;) hehehe

Yes, the ARP table is flushed very often.. All devices do this - in that thread he used a PC to set up the static ARPs on his router.. So that the router KNOWS what MAC a specific IP is on, and it can forward to that specific IP.

Again, if you can not set up a static ARP entry on your router, then you're going to have to try the broadcast address for the specific.

Did you try it using .255 vs .2 ??

As to it briefly working -- depending on how often your router flushes its table.. Sure, if you turn off your machine, and then send a wake up right away, the router might still know the MAC of the IP you set up in the forward and will forward the packet.

If your router does not allow you command line access or a GUI method of setting static MACs in the ARP table, your only hope is to be able to use the broadcast IP .255 vs the specific IP of your machine.

If you say it works using the public IP on your little app briefly, ie shutdown machine -- right away send the wakeup -- that tells me it works while your router has the MAC in its ARP table.. But 30 seconds later it's prob gone.. ARP tables refresh very often! Which is why you would need a static entry (so it's always there).. The reason they are using a script is when the router reboots it loses even the static settings, etc.

Sounds like your router does not allow any of that -- so try the broadcast IP .255!!!


Like I said, some routers do not allow that; my pfSense allows me to put it in - but does not forward the packets.. It's kind of a security concern to be honest, so you quite often do not see devices that allow it.

I did a test on my pfsense box, and I could see the packet hit the wan port.


Upon looking into it, I really have no need for it - but for the purpose of troubleshooting your issue I took a deeper look into why directed broadcast did not work on mine either ;)

I found this link about pfSense (FreeBSD based) where a user has the same issue: it will not do directed broadcasts

http://www.mail-archive.com/support@pfsense.com/msg07379.html

You can check out this link - in it he talks about directed broadcast, and it goes a bit into the security implications of it (smurf DoS attacks)

http://www.depicus.com/wake-on-lan/what-is-wake-on-lan.aspx

See the section titled "Wake on Lan over the Internet (or why is it such a pain in the ****) "

He states, which is prob true, that Cisco set "The no ip directed-broadcast command is the default in Cisco IOS software version 12.0 and later."

So if you can not get your router to direct the packet to the specific IP since he does not know the MAC (nothing in the ARP table for it), then you need to use a directed broadcast - but the problem is many routers and firewalls disable this option by default. As yours clearly does, if you can not find a way to enable that. Or set up a static ARP entry for the machine you want to wake up -- then you're pretty much out of luck.

You would have to find a different way to get the magic packet sent on your LAN.. Another machine you can remote to and send the packet from that machine? This is what I do -- I VPN into my network, and from my router's interface I can send the magic packet.

Sorry, but if you can not get your router to either send a directed broadcast or forward the packets by knowing your machine's MAC in its ARP table, you're pretty much out of luck with doing any sort of WOL from outside your network. You will have to remote to a machine, or on a schedule of some sort get one of your machines to send the packets, or have them do it for you based upon some command you get to it another way.. Off the top, do you have any other machines that are on 24/7?? If so, there are options you could use to get it to wake up another machine.. Off the top, if it's running say Dropbox you can set it up to run commands when you put stuff into the Dropbox from the web, etc.

Your only other option would be to get a router that you know will do directed broadcasts or allow you to set up a static ARP on, etc.

edit: Ok to follow through and just show you that it will work with static entry in your arp table..

So my quad-w7 at 192.168.1.100 is currently off (standby) So I added static entry in the arp table

    [2.0-BETA5][admin@pfsense.local.lan]/root(6): arp -s 192.168.1.100 00:21:9b:03:ac:a7
    [2.0-BETA5][admin@pfsense.local.lan]/root(7): arp -a
    <snipped>
    qs108t.local.lan (192.168.1.128) at 00:1e:2a:d3:c9:3d on re0 expires in 774 seconds [ethernet]
    pch.local.lan (192.168.1.99) at 00:06:dc:43:ad:78 on re0 expires in 958 seconds [ethernet]
    quad-w7.local.lan (192.168.1.100) at 00:21:9b:03:ac:a7 on re0 permanent [ethernet]
    p4-28g.local.lan (192.168.1.4) at 00:0d:56:f0:f0:09 on re0 expires in 1138 seconds [ethernet]
    <snipped>

So machine is off

    [2.0-BETA5][admin@pfsense.local.lan]/root(8): ping 192.168.1.100
    PING 192.168.1.100 (192.168.1.100): 56 data bytes
    ^C
    --- 192.168.1.100 ping statistics ---
    5 packets transmitted, 0 packets received, 100.0% packet loss

So I added a firewall rule to forward on UDP port 9 to 192.168.1.100


I then send magic packet from this site http://www.depicus.com/wake-on-lan/woli.aspx to my public IP.

And now my machine is awake

    [2.0-BETA5][admin@pfsense.local.lan]/root(10): ping 192.168.1.100
    PING 192.168.1.100 (192.168.1.100): 56 data bytes
    64 bytes from 192.168.1.100: icmp_seq=0 ttl=128 time=2.444 ms
    64 bytes from 192.168.1.100: icmp_seq=1 ttl=128 time=1.238 ms
    64 bytes from 192.168.1.100: icmp_seq=2 ttl=128 time=1.228 ms
    ^C
    --- 192.168.1.100 ping statistics ---
    3 packets transmitted, 3 packets received, 0.0% packet loss
    round-trip min/avg/max/stddev = 1.228/1.637/2.444/0.571 ms

So -- again if you can create a static arp entry for your machine on your router you should be good.. Since it will not do directed broadcast.

Good Luck dude -- and if I can help in some other way just let me know.


This topic is now closed to further replies.
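
The two checks this thread keeps returning to, as an added example (not code from any poster in the thread): recognising a magic packet so an always-on LAN machine can confirm what actually arrives on UDP 9, and deriving the directed-broadcast address to use as the forward target instead of the host IP. The function names and the /24 prefix for the 192.168.2.x network are assumptions; the MAC is the one shown in the pfSense session above.

```python
import ipaddress
import socket

SYNC = b"\xff" * 6  # a magic packet starts with six 0xFF bytes


def build_magic_packet(mac: str) -> bytes:
    """Six 0xFF bytes followed by the target MAC repeated 16 times (102 bytes)."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return SYNC + raw * 16


def find_magic_target(payload: bytes):
    """Return the MAC a payload would wake, or None if it is not a magic packet.

    The pattern may sit anywhere in the payload (some tools add padding or a
    password), so search for it rather than requiring it at offset 0.
    """
    start = payload.find(SYNC)
    while start != -1:
        body = payload[start + 6:start + 102]
        if len(body) == 96 and body == body[:6] * 16:
            return body[:6].hex(":")
        start = payload.find(SYNC, start + 1)
    return None


def forward_target(host_ip: str, prefix_len: int) -> str:
    """Directed-broadcast address of the LAN the host sits on."""
    net = ipaddress.ip_network(f"{host_ip}/{prefix_len}", strict=False)
    return str(net.broadcast_address)


def listen(port: int = 9) -> None:
    """Report every datagram reaching this host (low ports need admin rights)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("", port))
        while True:
            data, (src, sport) = s.recvfrom(2048)
            mac = find_magic_target(data)
            what = f"magic packet for {mac}" if mac else f"{len(data)} bytes, not a magic packet"
            print(f"{src}:{sport} -> {what}")


if __name__ == "__main__":
    pkt = build_magic_packet("00:21:9b:03:ac:a7")  # MAC from the pfSense example
    # Assumed /24: the forward should point at .255, not the host's own .2
    print(len(pkt), find_magic_target(pkt), forward_target("192.168.2.2", 24))
    listen()
```

A datagram from the router's LAN address means the port forward worked; one that only ever shows up from a phone on the same Wi-Fi is the local broadcast case described earlier in the thread.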