Hi!
Looking for a way to make my Asus router forward Wake-on-LAN packets from the WAN port to my local network, I stumbled over several threads in this forum.
There seem to be a lot of different solutions, yet none that might work with stock firmware of Asus routers, respectively providing the possibility to wake up _any_ computer on the local network.
Let me briefly describe the scenario I'd like to implement; I actually think that it is not that exotic:
- I manage a small network of office computers, and want to be able to wake up any of them remotely.
- I am using TeamViewer to do that at the moment - TeamViewer on every PC will register that device's MAC somehow with TeamViewer Cloud services - so essentially in the management application of TeamViewer I have a list of all the PCs I manage, and I can "right-click" and "wake" them.
- This will issue a magic packet to the router's public static IP, port 7, containing that PC's MAC address (like it's supposed to be).
- Now, I need that packet to be forwarded to the local network's broadcast IP. It is not sufficient to just forward to a single PC's IP, since that would only allow me to wake up that particular PC. Maybe I could go around that by using n different ports for n different PCs to wake up, and configure all those port forwardings in the router - but that is cumbersome.
- So my first guess was: Forward anything with dport 7 to 192.168.1.255 or 255.255.255.255. I can set that forwarding rule, but I can see that the firewall is DROPping those in the system log. So apparently there is some built-in firewall rule which does not allow forwarding to "broadcast-any" and neither directed broadcasts.
- What I can do: forward to 192.168.1.254 (for example) and set a static ARP entry that will resolve to the broadcast MAC address. This works (verified) but forces me to set that static entry on every reboot.
- I tried to add a firewall rule to allow dport 7 to be forwarded to either of the 2 broadcast IPs above, but the router interface would not allow me to do that with the error message "not a valid IP address".
Now, I am aware that some people get this to work with a single PC - using a static DHCP binding which will always resolve to the MAC address of that PC, thus making the port forward to that IP work.
I can also see that some are exposing the router's management interface to the internet - and using the "Network Tools" utility in the web interface - I don't want to do that.
Some are VPNing into the router, then using the interface or wakeOnLan CLI tools - I also don't want to do that. I do want to provide some employees with the possibility to remotely wake their PCs and work from home, thus the most user-friendly solution would be to let them use TeamViewer as well.
So it actually boils down to: How do I make the Asus router forward all dstPort 7 packets to either 255.255.255.255 or 192.168.1.255?
Or: How do I persist that static ARP entry with stock firmware?
Or: Did I miss something? Is there an easier way to accomplish this? Maybe I am thinking too complicated.
Some answers regarding this topic suggest that it is not a smart idea to forward to the local network's broadcast address, since random port-scans on the internet might wake up local PCs. I don't see that issue, since those port-scans wouldn't issue valid magic packets (i.e. contain MAC addresses valid for my local LAN). That being said: Yes I agree it is still not a great idea to forward anything to the LAN's broadcast address, but I might be able to restrict the forwarding to a few selected source IPs, so I can live with that.
Anybody any hint on how to accomplish that? I cannot imagine that I am the only one trying to achieve something like that?
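
Added example (not part of the original post): the two checks the post relies on, magic-packet validity and a source-IP restriction, written as a filter that a relay on the LAN could apply before rebroadcasting anything received on UDP port 7. The MAC addresses, the source network and the function names are constructed for illustration.

```python
import ipaddress

SYNC = b"\xff" * 6  # magic packets start with six 0xFF bytes

# Constructed sample values (assumptions, not taken from the post).
ALLOWED_MACS = {bytes.fromhex("001122334455"), bytes.fromhex("0011223344aa")}
ALLOWED_SOURCES = [ipaddress.ip_network("203.0.113.0/28")]  # documentation range


def extract_target_mac(payload: bytes):
    """Return the 6-byte target MAC if payload contains a well-formed magic
    packet (sync stream followed by 16 copies of one MAC), else None."""
    start = payload.find(SYNC)
    while start != -1:
        body = payload[start + 6:start + 6 + 96]
        if len(body) == 96:
            mac = body[:6]
            if body == mac * 16:
                return mac
        # The sync stream may begin later in the payload; keep scanning.
        start = payload.find(SYNC, start + 1)
    return None


def should_relay(src_ip: str, payload: bytes) -> tuple:
    """Decide whether a datagram received on UDP port 7 may be rebroadcast.
    Returns (allowed, detail): detail is the MAC on success, a reason otherwise."""
    addr = ipaddress.ip_address(src_ip)
    if not any(addr in net for net in ALLOWED_SOURCES):
        return (False, "source not allowlisted")
    mac = extract_target_mac(payload)
    if mac is None:
        return (False, "not a magic packet")
    if mac not in ALLOWED_MACS:
        return (False, "unknown MAC")
    return (True, mac.hex(":"))
```

Because UDP source addresses can be spoofed, the source allowlist narrows exposure but does not authenticate the sender; the MAC allowlist is what limits which machines a forwarded packet can wake.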