CapFloor
just joined
Topic Author
Posts: 8
Joined: Sat Feb 06, 2016 1:38 pm

Remote WoL

Fri Aug 09, 2019 11:14 am

Hi,

I want to wake a server in my network from the internet via WoL.

With bintec routers this works by sending the magic packet to the external IP of the router and doing a port forwarding to the directed broadcast address of the internal target network, like:

/ip address
add address=192.168.1.1/24 interface=network-001 network=192.168.1.0

/ip firewall nat
add action=dst-nat chain=dstnat comment="WoL remote" dst-port=99 protocol=udp to-addresses=192.168.1.255 to-ports=9

This doesn't work with MikroTik routers. The forwarded packet ends up in the input queue of the router and doesn't trigger a broadcast in subnet 192.168.1.0/24.

Is this right?

BR
Frank
 
tdw
Member Candidate
Posts: 173
Joined: Sat May 05, 2018 11:55 am

Re: Remote WoL

Fri Aug 09, 2019 2:24 pm

Routing broadcast, and unicast to broadcast, has been considered to be a bad thing for many years - most network devices don't do it, some have options to allow it, or specific 'helper' functions for some protocols.

I've abused the DHCP relay helper in HP routers in the past to broadcast WoL packets, you may be able to do similar on a Mikrotik. Other options are to trigger a script to send a WoL packet with /tool wol, or an evil hack is to add a static ARP entry for an unused IP address in the target subnet with the broadcast MAC address as described here
 
CapFloor
just joined
Topic Author
Posts: 8
Joined: Sat Feb 06, 2016 1:38 pm

Re: Remote WoL

Fri Aug 09, 2019 3:39 pm

Thanks, I somehow expected that MikroTik doesn't support broadcast routing.

From your choice of possible solutions, I favoured the "evil hack" right away 8) . Works great.

Should read more on reddit.com :D .

br
Frank
 
pe1chl
Forum Guru
Posts: 5545
Joined: Mon Jun 08, 2015 12:09 pm

Re: Remote WoL

Fri Aug 09, 2019 4:07 pm

It is not really true that routing of network broadcast is not supported. It works OK in a truly routed network, just not in those constructs with NAT as you described.
 
k6ccc
Member
Posts: 464
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Re: Remote WoL

Fri Aug 09, 2019 6:15 pm

If you can access the router, you can either manually send the WOL command or type up a script and execute the script. By creating a script in advance, you don't have to know the MAC of the target device.

/system script
add dont-require-permissions=no name="Boot Old Family room PC on .101" owner=\
    SuperMgr policy=test source="# Policy needed:  Test\r\
    \n:log info \"Sending WoL Magic Packet to Family room PC\"\r\
    \n/tool wol interface=E2-p4_101 mac=00:1E:4F:BB:E6:29\r\
    \n:delay 00:00:10\r\
    \n/tool wol interface=E2-p4_101 mac=00:1E:4F:BB:E6:29\r\
    \n:delay 00:00:10\r\
    \n/tool wol interface=E2-p4_101 mac=00:1E:4F:BB:E6:29\r\
    \n:log info \"WoL script completed\"\r\
    \n\r\
    \n"
I have it send the WOL three times just in case it gets missed.
RB750Gr3, RB750r2, CRS326-24G-2S (in SwitchOS), CSS326-24G-2S, CSS106-5G-1S, RB260GS
Not sure if I beat them in submission, or they beat me into submission


Jim
 
FunctionalIT
just joined
Posts: 4
Joined: Fri Oct 21, 2016 10:45 am

Re: Remote WoL

Fri Aug 09, 2019 8:00 pm

I use a workaround for this:

1
Make a Firewall Filter rule to "detect" incoming requests on a certain port:

/ip firewall filter add action=drop chain=input comment=WOL disabled=no dst-port=5555 protocol=tcp

This rule will drop all packets that come in on TCP/5555, but it will also count them

2
Make a script that will read out the counter of rule above. If packets came in, send the WOL magic packet to the server.
Also, check if the server is booted up, in that case reset the counter

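# Read the packet counter of the rule created in step 1 (comment=WOL)
:local i;
:set i [/ip firewall filter get [find comment="WOL"] packets];
:if ([/ping IPADDRESSOFSERVER count=1] = 1) do={
    # Server answers: reset the counter and slow the scheduler down
    /ip firewall filter reset-counters [find comment="WOL"]
    /system scheduler set numbers="WOL" interval=00:05:00
    :delay 60s;
} else={
    :if ($i > 0) do={
        # Server is down and a trigger packet was counted: send the magic packet
        /system scheduler set numbers="WOL" interval=00:01:00
        /tool wol mac=MAC-OF-SERVER interface=LAN
        /tool e-mail send to="Mail@address" subject="Booting Server"
    } else={
        # Nothing counted yet: keep polling quickly
        /system scheduler set numbers="WOL" interval=00:00:05
    };
};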


With this if you make a TCP connection on port 5555 to your router (example "telnet REMOTEIP 5555"), it will fail to make connection, but it will boot up your server.

You can make it more secure by creating a sequence of actions to do (example, making tcp on 5556 puts your IP address in an address list for 5 seconds, only addresses in that list are allowed to use the WOL filter rule), So you would have to know you have to send a packet to 5556 and then 5555 within 5 seconds to boot the server ...
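
The two-port sequence described in the post above, written out as firewall rules. This is an added example, not part of the original post: the address-list name wol-knock and the comments other than WOL are assumptions, and these rules replace the single rule from step 1.

```routeros
# Added example: gate the counted WOL rule behind a knock on TCP/5556.
# Assumed names: address list "wol-knock" and all comments except "WOL".
/ip firewall filter

# Knock: a packet to TCP/5556 puts the sender on a list for 5 seconds.
add chain=input protocol=tcp dst-port=5556 \
    action=add-src-to-address-list address-list=wol-knock \
    address-list-timeout=5s comment="WOL knock"
# The knock itself is never answered.
add chain=input protocol=tcp dst-port=5556 action=drop \
    comment="WOL knock drop"

# Trigger: only senders currently on the list hit the rule whose
# packet counter the scheduler script reads (comment=WOL).
add chain=input protocol=tcp dst-port=5555 src-address-list=wol-knock \
    action=drop comment=WOL

# Everyone else probing TCP/5555 is dropped by a separate rule, so
# port scans no longer increment the WOL counter and boot the server.
add chain=input protocol=tcp dst-port=5555 action=drop \
    comment="WOL without knock"
```

Rule order matters: these four rules have to sit above any other input rule that would match the same packets first, otherwise the list is never filled and the counter never moves.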
 
nichky
Long time Member
Posts: 516
Joined: Tue Jun 23, 2015 2:35 pm

Re: Remote WoL

Sat Aug 10, 2019 12:23 am

@CapFloor does it work correctly?
In my case everything works perfectly until I unplug/plug the cable from the computer/server. From that time it stopped working. What about in your case?
Nikola Shuminoski
Network Engineer
E-Mail: nikola.suminoski@outlook.com
MikroTik Consultant
MTCRE l MTCWE

!) Safe Mode is your friend;
 
CapFloor
just joined
Topic Author
Posts: 8
Joined: Sat Feb 06, 2016 1:38 pm

Re: Remote WoL

Sat Aug 10, 2019 8:35 pm

Hi,
for me the static ARP entry works great.

Your case sounds to me like your server NIC isn't able to wake up the server upon receiving a magic packet after unplug / plug the network cable. Can you still wake up the server from within your LAN in this situation?

br
Frank
 
nichky
Long time Member
Posts: 516
Joined: Tue Jun 23, 2015 2:35 pm

Re: Remote WoL

Sat Aug 10, 2019 11:16 pm

> Hi,
> for me the static ARP entry works great.
>
> Your case sounds to me like your server NIC isn't able to wake up the server upon receiving a magic packet after unplug / plug the network cable. Can you still wake up the server from within your LAN in this situation?

When I do unplug / plug, I can't send any more magic packets.

> br
> Frank
Nikola Shuminoski
Network Engineer
E-Mail: nikola.suminoski@outlook.com
MikroTik Consultant
MTCRE l MTCWE

!) Safe Mode is your friend;
