LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
Reload this Page Getting Wake-On-LAN Magic Packets from one bridge/subnet to another on a Linux-Router
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 04-01-2014, 01:58 PM   #1
baedamichi
LQ Newbie
 
Registered: Apr 2014
Posts: 7

Rep: Reputation: Disabled
Getting Wake-On-LAN Magic Packets from one bridge/subnet to another on a Linux-Router

Dear community

First of all, thanks a lot for even existing, I greatly appreciate that there are people out there who just try to help newbies to come to grips with Linux!

About me: My name is Peter, and I've been the person in charge for the IT infrastructure at a small branch of our school for quite some months now. I'm not an IT professional, but I've taught myself quite a bit about Windows operating systems in all their different flavours. When it comes to Linux, however, I'm quite the noob.

On our network, there are 40 Windows workstations, one Windows server and one Linux router (which manages pretty much all of the network traffic - DHCP, internet connection, traffic between machines etc).

This router is some sort of appliance based on Linux, adapted to a school's needs (internet filtering, proxy authentication etc.).

https://onedrive.live.com/embed?cid=...ENYewSfOT3Ia2I

Currently, two networks are connected to that router (with different ip ranges), as can be seen in the picture (an ifconfig dump taken from the browser-based gui; but I checked it against the command line output of ifconfig just to make sure the gui doesn't "lie"). Eth1 and eth2, configured with bridges (br0, br2). Eth0 is used to connect to the internet, eth3 and br1 are currently unused (not deactivated, there's just nothing plugged in the corresponding ethernet port). Just to clear things up, the different eth0-3 are not virtual, but each of them corresponds to a physical ethernet port on the device.

Now, I hope that's enough background information, so here's my problem: The server (Windows Server 2008R2) is on br0, and I want to use it to wake the workstations which are on br2 up via LAN.

So far, I've successfully configured the Windows Server (the IP of which is 172.28.1.1) to send the Magic Packets via netcast (or network directed broadcast) to the broadcast address of br2 (172.26.255.255)on port 9 (UDP, with the Wake on Lan Tool 2 (http://oette.wordpress.com/wol2/)).
However, the Linux router does not send those on to the workstations in the 172.26.x.x network (on br2).

I've already googled (and searched this and some other forums) a lot, but unfortunately I've not been able to find anything which comes even close to a solution. All I've found out is that broadcasts to different subnets are disabled by modern routers by default as a security measure.
I've asked the manufacturer of that router, and was told that they don't support this feature which isn't accessible via the (browser-based gui), but that it would be supported by the Linux kernel, but that they wouldn't help me with that because, well, they wouldn't support this feature.

So I guess I'll have to configure that with the command line, but I'm lost at how exactly to do that. I suppose I have to either configure something with ifconfig or maybe add something to the routing tables via command line? I've figured out how to enable/disable broadcasts (see picture, broadcast is enabled on the two relevant bridges), but that only seems to affect broadcasts initiated from WITHIN the same subnet, not those from another subnet.

I'm a bit too, well, call it shy or careful, to try stuff and mess with that router, as you can probably infer from the previous lines, this thing is pretty much "the heart" of our network. Thus, I would greatly appreciate it if somebody could help me with that (even if it was just telling me the correct search terms to find in on google, so far I've tried stuff like "wake on lan across/over/via linux bridge", "magic packets across/over/via linux bridge", "(network directed) broadcasts via/over/across linux bridge", all of them with no luck thus far.

Oh, another question to the experts, now I know that what I'm looking to achieve is disabled for a reason, am I right in the assumption that "all" I risk is a ddos/smurf attack (which would not be that bad; nothing permanently damaged/infected, all I have to do is disable it and the network is running again; after all, we're just a school, no big harm done if our network is down for an hour or two) once I get this running and a student on br0 figures out they can flood br2 with magic packets or ping requests? Or are there any graver security concerns I've missed while researching the matter?

Well, thanks to everybody who bothered to read this long text, any help is greatly appreciated!

Cheers, Peter

P.S.: Just in case that's important, another screenshot showing the Linux version:

https://onedrive.live.com/embed?cid=...MtOKKa3ESRadcQ
Last edited by baedamichi; 04-01-2014 at 02:12 PM. Reason: Made heading more clear / added links to images
 
Old 04-01-2014, 03:50 PM   #2
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 3,350

Rep: Reputation: Disabled
I've looked into this, and after browsing through documentation and some trial-and-error, I've come to the startling conclusion that Linux just doesn't forward directed broadcasts to a connected subnet, and there's seem to be no setting to override this behaviour. This is actually allowed by (the ancient but still valid) RFC 922, so it's not technically a bug.

There are two possible workarounds:
  1. Install a helper application on the gateway in question
  2. Create a static ARP entry pointing to the broadcast MAC address
While (1) many not be feasible in your particular scenario, (2) should be easy enough, provided you have access to the command line. Just pick an unused IP address in the subnet, and run:
Code:
arp -s <IP_address> ff:ff:ff:ff:ff:ff
I've tested this, and apparently the ARP implementation isn't too picky about the contents of the ARP cache, so it will happily create and send broadcast frames for any traffic to the IP address in question.
 
1 members found this post helpful.
Old 04-05-2014, 03:31 AM   #3
baedamichi
LQ Newbie
 
Registered: Apr 2014
Posts: 7

Original Poster
Rep: Reputation: Disabled
Thanks a bunch, your answer was really helpful!

I tried solution 2., and it works quite well thus far. Just in case anyone with the same problem stumbles across this, I just want to explain what I had to do to get this working:

Firstly, of course, I did what Ser Olmy proposed from the command line of the Linux gateway/router, logged in as root.

Then, in my Wake-On-Lan-Tool I had to manually create a second entry for each computer on the network in question, using the computers' real mac addresses and the fake-broadcast-ip which I assigned to the broadcast mac address (ff:ff:ff:ff:ff:ff) on the Linux router. The wake on lan method to be used from the three choices Wake On Lan 2 gives you is "direct", i.e. the packets are directly sent to the "fake-broadcast-address".

And this works, the computers on the subnet receive the packets and wake up.

Of course, if you do it that way, you shouldn't forget to tell your DHCP server not to assigne the address you used as a "fake-broadcast-address" to any client computers (which I could do from the web interface of the linux box).

Downsides of this approach (I just wonder why there is no simple switch to enable broadcasts across subnets on a Linux router, I could imagine there are more people like me who don't have a server running 24/7 on all of their subnets...) are of course that you manually (the automatic detection of network computers via DHCP included in Wake On Lan 2 of course only returns the client computers with their "real" ip addresses, not the fake broadcast one) have to add all computers on the formerly unreachable subnet to whatever solution you use for sending the packets (which in my case happens to be Wake On Lan 2). The program I use doesn't allow you to add more than one MAC addressper host, so basically I have to create an additional entry for each host. Also, of course I still need a "correct" (i.e. with the correct IP address) entry for each client computer on that subnet in Wake On Lan 2, as I also use it to shut the computers down and to monitor whether they are online or not, which of course only works with a correct IP address. For my specific setup, that doesn't matter too much, as the subnet in question is only a room for students to work in with only four computers, so that's not really a problem.
The second downside is, of course, that even though the ARP entry I had to create is called "static", it gets deleted every time the Linux box needs a restart or the network interface is brought down and up again for some reason or other.
To partly solve the second downside, I created a script (arp -s 172.26.1.7 ff:ff:ff:ff:ff:ff) and put it in the init.d folder, so the netry gets created on each startup. What I haven't been able to solve yet is to automatically create the arp entry when the network is brought up again, I haven't found the /etc/network/init.d folder which, as far as I found out, is supposed to contain scripts that run when a network adapter is brought up. I'll look into that further and post here once I found something.

Lastly, I have had a quick look at Ser Olmy's first proposed workaround, and found this:

http://darkness.codefu.org/wordpress...adcast-helper/

I haven't had the time to play around with it yet, but maybe some day.

If anyone wants to share their experience on waking up computers across different subnets, hopefully they'll share it here, as I was somewhat surprised that nothing was to be found on google, as, like I said, I could imagine that there are more people than just me who need to wake up compters in different subnets...

Finale remark: Ser Olmy, thanks again, I'm really grateful for your help!

Regards,

Peter
Last edited by baedamichi; 04-05-2014 at 03:32 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Wake up on Lan on access without magic packet bobbykev Linux - Networking 4 01-07-2014 09:35 AM
Sending Wake-on-LAN packets at kernel level anon069 *BSD 2 05-08-2010 09:18 PM
7.10 Server wol (wake-on-lan) via ARP (no magic packet), help? Elohist Linux - Networking 0 01-21-2008 12:02 AM
wake on lan magic packet does not wake. albean Linux - Networking 1 06-30-2007 03:57 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 10:56 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration