Hello, I would like to run a script (with a WOL command inside) to start a certain PC with WOL. The script works fine, but I want to trigger the script only when traffic to that specific PC is detected. For example, I want the PC off all the time, but if I send an HTTP request or whatever traffic is destined for that PC, I want it to be detected by the MikroTik, which then executes the WOL script in order to turn it on.
Unfortunately RouterOS currently doesn’t allow triggering of a script by a firewall rule match or by an address list becoming non-empty.
So you can use a mangle rule to add the dst-address to an address-list (“send-wol”), with a lifetime of a few seconds, each time a packet arrives for the PC you want to wake up this way, and schedule a script to run once per second which will check whether there are any entries in this address-list and if yes, send the WOL packet to the corresponding PC. Another address-list (“block-wol”), with longer lifetime, would be filled by source addresses of packets sent by those PCs. The script would check for absence of the destination address on the “block-wol” list before actually sending the WOL packet (so that it would not send WOL packets to PCs which are alive); after sending the WOL packet, the script itself would add an item to the “block-wol” list. To save CPU, the mangle rule adding the address to “send-wol” would have a match condition dst-address-list=!block-wol, i.e. while the PC is up, its address will not be added to the “send-wol” list.
I am not really sure I understand…
You want to wake the PC when you send an HTTP request? What is the benefit of that?
When the PC wakes, that HTTP request won’t exist anymore anyway…
Hi Zacharias, it doesn’t matter if it is HTTP or whatever traffic, I just need that when any traffic is pointed to that PC, the WOL script runs and turns it on.
The mangle rule handling the incoming traffic to the PCs must be in chain=forward so that it would see the real address of the PC on the LAN even if you use dst-nat to connect to LAN PCs from the internet (so chain=prerouting wouldn’t do), and to see the packet even if the arp table doesn’t contain the IP->MAC address translation so the packet is not actually sent (so chain=postrouting wouldn’t do). If you want to test using traffic sent from the Mikrotik itself, you have to add the same rule to chain=output:

/ip firewall mangle add chain=forward dst-address-list=!block-wol dst-address=your.lan.sub.net/mask connection-state=new action=add-dst-to-address-list address-list=send-wol address-list-timeout=5s

The mangle rule for handling the outgoing traffic from the PCs must be in chain=prerouting in order to handle any outgoing traffic of the PCs, even one towards the Mikrotik itself (DHCP, DNS):

/ip firewall mangle add chain=prerouting src-address=your.lan.sub.net/mask action=add-src-to-address-list address-list=block-wol address-list-timeout=10s
The script would look something like:

:foreach listItem in=[/ip firewall address-list find list=send-wol] do={
  :local pcAddress [/ip firewall address-list get $listItem address]
  # only wake PCs that are not on the block-wol list (not known to be alive or booting)
  :if ([:len [/ip firewall address-list find list=block-wol address=$pcAddress]] = 0) do={
    # assuming you have configured static DHCP leases for the PCs:
    /tool wol mac=[/ip dhcp-server lease get [find address=$pcAddress] mac-address] interface=bridge
    # adjust to the wake-up time with some margin
    /ip firewall address-list add list=block-wol address=$pcAddress timeout=50s
    /ip firewall address-list remove $listItem
  }
}
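
The following is an added example, not code from any post in this thread: a small Python model of the send-wol / block-wol lists, using the timeouts from the rules and script above (5s, 10s, 50s), to show when the once-per-second script would actually send a WOL packet. The address 192.0.2.10, the function name and the assumption that a matching packet never shortens an existing list entry's timeout are assumptions of the model.

```python
SEND_TTL = 5     # address-list-timeout of the chain=forward rule (send-wol)
BLOCK_TTL = 10   # address-list-timeout of the chain=prerouting rule (block-wol)
BOOT_BLOCK = 50  # timeout the script puts on block-wol after sending WOL


def simulate(inbound, outbound, pc="192.0.2.10", horizon=300):
    """Return the seconds at which the scheduled script sends a WOL packet.

    inbound  -- seconds at which a new connection towards the PC is forwarded
    outbound -- seconds at which the PC itself sends any packet
    pc       -- constructed sample address (documentation range)
    """
    send_wol, block_wol = {}, {}  # address -> expiry second
    wol_sent = []
    for now in range(horizon):
        # Entries disappear when their timeout runs out.
        for lst in (send_wol, block_wol):
            for addr in [a for a, exp in lst.items() if exp <= now]:
                del lst[addr]
        # prerouting rule: any packet from the PC marks it as alive.
        # Assumption: the timeout is only ever extended, never shortened.
        if now in outbound:
            block_wol[pc] = max(block_wol.get(pc, 0), now + BLOCK_TTL)
        # forward rule: matches only while dst-address-list=!block-wol holds.
        if now in inbound and pc not in block_wol:
            send_wol[pc] = now + SEND_TTL
        # Scheduled script (interval 1s): same checks as the script above.
        for addr in list(send_wol):
            if addr not in block_wol:
                wol_sent.append(now)                 # /tool wol ...
                block_wol[addr] = now + BOOT_BLOCK   # suppress repeats while booting
                del send_wol[addr]
    return wol_sent


if __name__ == "__main__":
    # Constructed timeline: retries during boot, PC alive from t=30 to t=99.
    print(simulate({0, 1, 2, 3, 20, 200}, range(30, 100)))
```

In this model a PC that never comes up is retried only after the 50s block expires, and a PC that is up but has sent nothing for more than 10s receives a WOL packet on the next new inbound connection.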