Wake-on-LAN ... problems with ARP tables

8kvscdpglqnyr4

I have Belkin Wireless Gateway/Router N1+ Adsl Modem and I'm trying to get wake-on-LAN (WOL) to work from the internet.

I've WOL working between 2 PCs on my private home LAN. I can put PC #1 into S3 sleep mode and wake it from PC #2 on my home LAN with a magic packet. So that confirms WOL is working on PC #1 (this is done via a layer 2 packet (MAC layer) so no layer 3 (IP) frames yet.

Next step, get it working from the Internet. Now I enable port forwarding (virtual servers) in my Belkin Router. I specify all packets that come in from the WAN on UDP port 9, get forwarded to the IP address of PC #1 on my home LAN. So I put PC #1 into S3 sleep mode and immediately send a WOL magic packet from outside the LAN. PC #1 wakes up! Excellent so far.

Now if I leave PC #1 in sleep mode for a couple of minutes and try again, it won't work!!!!

So here's what I think is happening (and I've used Wireshark to verify this):
1. When PC #1 is operating, it responds to ARP requests from the router and the ARP tables in the router stay updated.
2. When PC #1 is put into S3 sleep mode, it no longer responds to ARP requests and the IP address for PC #1 is aged out of the APR table in the router. (as I said above, if I send the magic packet really quickly, it works ... this is because the IP address for PC #1 is not aged out yet!).
3. As a result of the aging of IP address for PC #1 from the ARP tables in the router, it blocks the magic WOL frame from the WAN entering the LAN as it doesnt recognise the IP address.

Here's what I've tried so far to fix the problem:
1. I've tried to put 255 in the port forwarding IP address. The Belkin Router won't allow this (javascript in the user page prevents the value of 255 being entered).

2. I've saved the configuration for the Belkin Router. I've opened the config file in an editor of modified the port forwarding (virtual server) section and replaced the IP address of PC#1 with the broadcast IP address for the LAN (192.168.2.255). I've then reloaded the config file into the router and sure enough, when I got to the Port Forwarding section of the router via the web interface, it has the broadcast IP address for the LAN (192.168.2.255) in the port forwarding rules for UDP port 9. But when I send a magic WOL frame from the internet, it still doesn't get through from WAN to LAN.

3. I've disabled DHCP in the router and manually assigned IP address to each machine in the home LAN in the hope that this would slove the ARP timeout problem. No luck! Exact same behaviour.

So I realise that was a long winded post and well done if you've read to here
Has anyone else seen this? Is there a way around it?
Thanks!

Alun

Most routers now by default don't accept packets coming into them destined for a local subnet's broadcast address as this is/was a technique used quite commonly for DDOS attacks (Smurf). Maybe this is why your Belkin router doesn't allow you to put in a broadcast address in the forwarding field, although that is, as far as I know, the only way to achieve what you want to do.

The only other way I can think of whereby you could get around it would be if you could somehow insert a permanent entry into the routers ARP table, or even just increase the timeout value, something that'd be easy enough on something like a Cisco, but not on a consumer router like this.

8kvscdpglqnyr4

I don't seem to have acces to the ARP timeout values - I was looking for this setting via the web interface to the router but couldn't find anything. Also tried telnetting into the router to see if there were any more advanced options but I couldn't find anything.

This is very fustrating ... I know WOL works for my PC and I know it works through the router. I just need to get access to the ARP tables in the router to setup a permanent entry or changing the ARP agning process

FruitLover

See if there's any alternative firmware you can use on the router that might let you add static ARP entries (or at least change the timeout value).

Otherwise: Are there any other systems on that network that are permanently on (i.e. not asleep)? If so, you might be able to get them to send out gratuitous ARP messages forged with the sleeping machine's IP and MAC addresses.

Alun

FruitLover wrote:

Otherwise: Are there any other systems on that network that are permanently on (i.e. not asleep)? If so, you might be able to get them to send out gratuitous ARP messages forged with the sleeping machine's IP and MAC addresses.

I've seen WOL proxies around on the net if that's the case as well, but I guess that if it's only two machines in total on the net that that isn't going to be too likely a scenario.

8kvscdpglqnyr4

FruitLover wrote: »

See if there's any alternative firmware you can use on the router that might let you add static ARP entries (or at least change the timeout value).

I've tried this with no luck.
It looks like this is not possible with my router.

Alun

OK, clutching at straws here, but seeing as the IP address in the WOL packet is irrelevant to all this, have you tried to specify the administrative address of the router itself as the destination (if it will alow you to)? Chances are if it does it'll just not send any packets out onto the LAN, but it's maybe worth a try at this stage. You could also try the general multicast address 224.0.0.1.

8kvscdpglqnyr4

Alun wrote: »

OK, clutching at straws here, but seeing as the IP address in the WOL packet is irrelevant to all this, have you tried to specify the administrative address of the router itself as the destination (if it will alow you to)? Chances are if it does it'll just not send any packets out onto the LAN, but it's maybe worth a try at this stage. You could also try the general multicast address 224.0.0.1.

The admin address of the router is the IP address I specify for the WOL packet from the internet.
I use this site to generate the WOL packet:
http://wakeonlan.me/
In the host name field, I use the domain specified by dyndns.org. I know DDNS is working because I can remote log-in to the router.

How could I use the general multicast address?

Thanks again for youe help. I'm starting to think it's a limitation of the router. Some of the Linksys routers seem to support it via a small workaround.

Alun

Everleigh Teeny Twig wrote: »

The admin address of the router is the IP address I specify for the WOL packet from the internet.
I use this site to generate the WOL packet:
http://wakeonlan.me/
In the host name field, I use the domain specified by dyndns.org. I know DDNS is working because I can remote log-in to the router.

That's the address on the WAN side. I meant putting the admin address from the LAN side as the target for the port forwarding on your router, i.e. 192.168.1.1 or .254, whatever it is for your router.

How could I use the general multicast address?

In the same way, i.e. put 224.0.0.1 in instead of the IP address of the machine you want to wake.

8kvscdpglqnyr4

Alun wrote:

That's the address on the WAN side. I meant putting the admin address from the LAN side as the target for the port forwarding on your router, i.e. 192.168.1.1 or .254, whatever it is for your router.

OK - tried that and no joy.

Alun wrote:

In the same way, i.e. put 224.0.0.1 in instead of the IP address of the machine you want to wake.

Tried this also and no joy. To do this isn't straight forward either. In the port forwarding setup of my router, I'm only able to put in 192.168.2.X where X is the field I can modify. I have to dump the router config to a file, modify the port forwarding section in a text editor and reload the config from that file.
Didn't work though!

Thanks for all the suggestions though.

Sniipe

sorry for dragging up a no-so-old thread.

I've also been having difficulty with setting up WOL over the internet. I can easily do it over the network. My router even has a setting set up for WOL.

I'm with NTL/UPC... is there a chance they could have these ports blocked?

Have u gotten anywhere with your WOL issues?

I set up Dynamic DNS perfectly so that I can ping the router, but it just doesn't work with the magic packet.

8kvscdpglqnyr4

I was just looking back on this thread to see if there were any more replies.

Sniipe wrote: »

I've also been having difficulty with setting up WOL over the internet. I can easily do it over the network. My router even has a setting set up for WOL.

Same as me.

Sniipe wrote: »

I'm with NTL/UPC... is there a chance they could have these ports blocked?

Have u gotten anywhere with your WOL issues?

I set up Dynamic DNS perfectly so that I can ping the router, but it just doesn't work with the magic packet.

I doubt it's NTL. I think it's due to ARP cache being flushed in the router.

Does it work for you if you send the magic frame from outside your LAN immediately after putting the PC to sleep?