Route WOL traffic to 2 different subnets

I recently bought the cloud router switch CRS312-4C+8XG-RM. Below is how I have configured it.

Interface 1 - WAN —> Connects from modem to the router

Interface 2 - LAN 1 that has a Bridge 1 and gets DHCP from DHCP-pool-1 range — 192.168.1.1 - 192.168.1.254

Interfaces 3 & Interface 4 - LAN 2 that has a Bridge 2 and gets DHCP from DHCP-pool-2 range — 192.168.2.1 - 192.168.2.254

Interfaces 5,6,7,8 & Combo ports viz Interfaces 9,10,11,12 - LAN 3 that has a Bridge 3 and gets DHCP from DHCP-pool-3 range — 192.168.3.1 - 192.168.3.254

Problem: I want to send WOL packets from 198.168.2.x to 2 machines on UDP port 9 - 1 machine is in 192.168.1.x and the other one in 192.168.3.x. I tried NAT with both PCC and Nth rules, but I can wake only one of the machines: either the 1st one wakes and not the second one, or vice versa, depending on the sequence of the NAT rules. I would appreciate it if anyone can shed some light on how to make this work.

Given the fact that WOL packets cannot be sent to multiple subnets, I created the hack below to forward to a dummy IP that's mapped to the broadcast MAC FF:FF:FF:FF:FF:FF:

/ip firewall nat
add action=dst-nat chain=dstnat dst-port=9 in-interface=bridge2 protocol=udp to-addresses=192.168.3.190 to-ports=9
add action=dst-nat chain=dstnat dst-port=9 in-interface=bridge2 protocol=udp to-addresses=192.168.1.190 to-ports=9
add action=masquerade chain=srcnat out-interface=ether1

/ip firewall filter
add action=accept chain=forward dst-address=192.168.3.190 dst-port=9 in-interface=bridge2 out-interface=bridge3 protocol=udp
add action=accept chain=forward dst-address=192.168.1.190 dst-port=9 in-interface=bridge2 out-interface=bridge1 protocol=udp
add action=accept chain=forward dst-address=192.168.1.0/24 src-address=192.168.2.0/24
add action=accept chain=forward dst-address=192.168.1.0/24 src-address=192.168.3.0/24
add action=accept chain=forward dst-address=192.168.3.0/24 src-address=192.168.2.0/24
add action=accept chain=forward dst-address=192.168.2.0/24 src-address=192.168.3.0/24
add action=accept chain=forward dst-address=192.168.2.0/24 src-address=192.168.1.0/24
add action=accept chain=forward dst-address=192.168.3.0/24 src-address=192.168.1.0/24

WoL doesn’t use subnets, it operates in Layer 2.

What are you using to send the WoL packets? RouterOS in Tools - WoL asks which interface to send the WoL packets on.

Tried 2 tools - WOL Wake on Mac, SolarWinds WOL tool/WakeMeOnLan for Windows. If I try using the RouterOS WOL tool, yes - I can wake both the machines individually, as I can send the packets directly by choosing the bridges from the interfaces.

I am trying to wake from a machine in the 192.168.2.x subnet. I created static ARP entries for the dummy IPs ending with 190. Based on the logs, I can see that the NAT rule intercepts the UDP packet from bridge 2 and sends it out to bridge 3 but not to bridge 1. I want to send the packet to both bridge 1 and bridge 3.

You can’t NAT the same source to multiple destinations. If you have a WoL tool which encapsulates magic packets with an IP wrapper you don’t need any NAT for routable subnets, just the fake ARP entries. Send encapsulated WoL packets to each of your target MAC addresses using either the destination 192.168.1.190 for machines on bridge 1 or 192.168.3.190 for machines on bridge 3.

Those firewall entries are redundant too, unless you have a specific add action=drop chain=forward rule, as the default policy is forward.
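
The approach from the last reply, as an added example that is not part of the original thread: a sender on 192.168.2.x builds one magic packet per target and unicasts it over UDP port 9 to the relay IP of that target's bridge, so no dst-nat rule is involved. It assumes the static ARP entries for 192.168.1.190 and 192.168.3.190 (mapped to FF:FF:FF:FF:FF:FF) already exist on the router; the two MAC addresses are constructed placeholders.

```python
"""Send Wake-on-LAN magic packets as routed UDP unicast to per-bridge relay IPs."""
import re
import socket
import sys

WOL_PORT = 9  # UDP port used in the thread

# Relay IPs are the dummy addresses from the thread; each needs a static ARP
# entry on the router mapping it to FF:FF:FF:FF:FF:FF on its bridge.
# The MAC addresses are constructed placeholders, not values from the thread.
TARGETS = {
    "00:11:22:33:44:55": "192.168.1.190",  # machine on bridge 1
    "66:77:88:99:AA:BB": "192.168.3.190",  # machine on bridge 3
}


def build_magic_packet(mac: str) -> bytes:
    """Return the 102-byte payload: 6 x 0xFF followed by the MAC 16 times."""
    digits = re.sub(r"[:\-.]", "", mac)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return b"\xff" * 6 + bytes.fromhex(digits) * 16


def plan(targets: dict) -> list:
    """Return (relay_ip, port, payload) for every target, one datagram each."""
    return [(ip, WOL_PORT, build_magic_packet(mac)) for mac, ip in targets.items()]


def send_all(targets: dict) -> int:
    """Send one unicast datagram per target; the router only has to route it."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for ip, port, payload in plan(targets):
            sock.sendto(payload, (ip, port))
    return len(targets)


if __name__ == "__main__":
    if "--send" in sys.argv:
        print(f"sent {send_all(TARGETS)} magic packets")
    else:  # dry run: show what would be sent without touching the network
        for ip, port, payload in plan(TARGETS):
            print(f"{ip}:{port} <- {len(payload)} bytes for {payload[6:12].hex(':')}")
```

Run without arguments for a dry run, or with `--send` from a host on the 192.168.2.x subnet to transmit both packets.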