Dear community
First of all, thanks a lot for even existing, I greatly appreciate that there are people out there who just try to help newbies to come to grips with Linux!
About me: My name is Peter, and I've been the person in charge for the IT infrastructure at a small branch of our school for quite some months now. I'm not an IT professional, but I've taught myself quite a bit about Windows operating systems in all their different flavours. When it comes to Linux, however, I'm quite the noob.
On our network, there are 40 Windows workstations, one Windows server and one Linux router (which manages pretty much all of the network traffic - DHCP, internet connection, traffic between machines etc).
This router is some sort of appliance based on Linux, adapted to a school's needs (internet filtering, proxy authentication etc.).
https://onedrive.live.com/embed?cid=...ENYewSfOT3Ia2I
Currently, two networks are connected to that router (with different ip ranges), as can be seen in the picture (an ifconfig dump taken from the browser-based gui; but I checked it against the command line output of ifconfig just to make sure the gui doesn't "lie"). Eth1 and eth2, configured with bridges (br0, br2). Eth0 is used to connect to the internet, eth3 and br1 are currently unused (not deactivated, there's just nothing plugged in the corresponding ethernet port). Just to clear things up, the different eth0-3 are not virtual, but each of them corresponds to a physical ethernet port on the device.
Now, I hope that's enough background information, so here's my problem: The server (Windows Server 2008R2) is on br0, and I want to use it to wake the workstations which are on br2 up via LAN.
So far, I've successfully configured the Windows Server (the IP of which is 172.28.1.1) to send the Magic Packets via netcast (or network directed broadcast) to the broadcast address of br2 (172.26.255.255) on port 9 (UDP, with the Wake on Lan Tool 2 (http://oette.wordpress.com/wol2/)).
However, the Linux router does not send those on to the workstations in the 172.26.x.x network (on br2).
I've already googled (and searched this and some other forums) a lot, but unfortunately I've not been able to find anything which comes even close to a solution. All I've found out is that broadcasts to different subnets are disabled by modern routers by default as a security measure.
I've asked the manufacturer of that router, and was told that they don't support this feature, which isn't accessible via the (browser-based) gui, but that it would be supported by the Linux kernel, but that they wouldn't help me with that because, well, they wouldn't support this feature.
So I guess I'll have to configure that with the command line, but I'm lost at how exactly to do that. I suppose I have to either configure something with ifconfig or maybe add something to the routing tables via command line? I've figured out how to enable/disable broadcasts (see picture, broadcast is enabled on the two relevant bridges), but that only seems to affect broadcasts initiated from WITHIN the same subnet, not those from another subnet.
I'm a bit too, well, call it shy or careful, to try stuff and mess with that router; as you can probably infer from the previous lines, this thing is pretty much "the heart" of our network. Thus, I would greatly appreciate it if somebody could help me with that (even if it was just telling me the correct search terms to find it on Google; so far I've tried stuff like "wake on lan across/over/via linux bridge", "magic packets across/over/via linux bridge", "(network directed) broadcasts via/over/across linux bridge", all of them with no luck thus far).
Oh, another question to the experts, now I know that what I'm looking to achieve is disabled for a reason, am I right in the assumption that "all" I risk is a ddos/smurf attack (which would not be that bad; nothing permanently damaged/infected, all I have to do is disable it and the network is running again; after all, we're just a school, no big harm done if our network is down for an hour or two) once I get this running and a student on br0 figures out they can flood br2 with magic packets or ping requests? Or are there any graver security concerns I've missed while researching the matter?
Well, thanks to everybody who bothered to read this long text, any help is greatly appreciated!
Cheers, Peter
P.S.: Just in case that's important, another screenshot showing the Linux version:
https://onedrive.live.com/embed?cid=...MtOKKa3ESRadcQ
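
The flooding risk raised in the post can be narrowed by letting only well-formed magic packets from the server cross to br2. The following is an added example, not part of the original post: a Python model of that allow-rule using the post's addresses and port, which models the forwarding decision and does not configure the router. The /16 prefix for br2, the sample MAC and host addresses, and all function names are assumptions.

```python
import ipaddress
import re

# Addresses and port are from the post; the /16 prefix for br2 is an
# assumption inferred from the broadcast address 172.26.255.255.
WOL_SERVER = ipaddress.ip_address("172.28.1.1")
BR2_NET = ipaddress.ip_network("172.26.0.0/16")
WOL_PORT = 9

def build_magic_packet(mac: str) -> bytes:
    """Magic packet: 6 bytes of 0xFF, then the target MAC repeated 16 times."""
    raw = bytes.fromhex(re.sub(r"[:-]", "", mac))
    if len(raw) != 6:
        raise ValueError("MAC must be 6 bytes")
    return b"\xff" * 6 + raw * 16

def magic_packet_mac(payload: bytes):
    """Return the target MAC if payload is a well-formed magic packet, else None."""
    # 102 bytes, optionally followed by a 4- or 6-byte SecureOn password.
    if len(payload) not in (102, 106, 108) or payload[:6] != b"\xff" * 6:
        return None
    mac = payload[6:12]
    if payload[6:102] != mac * 16:
        return None
    return ":".join(f"{b:02x}" for b in mac)

def should_forward(src: str, dst: str, proto: str, dport: int, payload: bytes) -> bool:
    """Hypothetical allow-rule: only the server's magic packets reach br2."""
    return (
        ipaddress.ip_address(src) == WOL_SERVER
        and ipaddress.ip_address(dst) == BR2_NET.broadcast_address
        and proto == "udp"
        and dport == WOL_PORT
        and magic_packet_mac(payload) is not None
    )

if __name__ == "__main__":
    # Constructed samples: a wake-up from the server, and an ICMP echo
    # aimed at the same broadcast address from another br0 host.
    wake = build_magic_packet("00:11:22:33:44:55")
    print(should_forward("172.28.1.1", "172.26.255.255", "udp", 9, wake))
    print(should_forward("172.28.1.50", "172.26.255.255", "icmp", 0, b"\x08\x00"))
```
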