Configuring Wake on Lan to occur during Plex requests nftables

abwezi · January 6, 2024, 12:46am

Hello! I am attempting to set up what I have seen described in some guides online where I will be able to allow my computer that runs as a Plex media server to go to sleep and then wake using WOL when users attempt to send a request to the Plex port 32400. I have successfully installed etherwake and luci-app-wol and confirmed I am able to manually wake on lan the computer so that is all working as expected. The issue I am confronted with is that I am unsure how to configure the router to send WOL commands to the computer when Plex access is attempted like described in the guides. I found this thread here: https://forum.archive.openwrt.org/viewtopic.php?id=68357 and this script I am having trouble locating the thread I found in my history sorry but code here
`#!/bin/sh

PINGS_CNT=1
SRV_IP=192.168.x.xxx #My server local IP
SRV_MAC=xx:xx:xx:xx:xx:xx #My server MAC working with manual WOL
SRV_PORT=32400
#BC_IP=192.168.0.255
WOL=/usr/bin/etherwake
LOG=/var/log/wol

logger -p user.info -t PLEX "[date -Iseconds] PLEX Wake on LAN serevice was started."
ip -D FORWARD -p tcp --dport 32400 -m state --state NEW -j LOG --log-prefix "PLEX Connection "
ip -I FORWARD -p tcp --dport 32400 -m state --state NEW -j LOG --log-prefix "PLEX Connection "
#echo "Log was truncated at [date -Iseconds]" > $LOG # Truncate log
logread -f | while read LOG_LINE; do
DST=echo $LOG_LINE | grep -Fo "DST=$SRV_IP"
DPT=echo $LOG_LINE | grep -Fo "DPT=$SRV_PORT"
if [ "$DST" == "" -o "$DPT" == "" ]; then
continue
fi
#SRC_IP=echo $LOG_LINE | grep -Fo "SRC=" | sed -e "s/SRC=//g"
SRC_IP=echo $LOG_LINE | grep -Fo "SRC="
if [ "$SRC_IP" != "" ]; then
# Found a matching line. Try to ping the server
PING_RSLT=ping -c $PINGS_CNT -W 1 $SRV_IP 2> /dev/null | awk '/packets received/ {print $4}'
if [ "$PING_RSLT" != "$PINGS_CNT" ]; then
# Guess it's sleeping. Send WoL.
#echo "[date -Iseconds] $SRC_IP causes PLEX SRV WoL." >> $LOG
#logger -p user.info -t PLEX "[date -Iseconds] $SRC_IP causes PLEX SRV Wake on LAN."
logger -p user.info -t PLEX "[date -Iseconds] PLEX SRV Wake on LAN was triggered."
$WOL $SRV_MAC #>> $LOG
#else
#echo "[date -Iseconds] PLEX SRV $SRV_IP was accessed by $SRC_IP and is alive." >> $LOG
#logger -p user.info -t PLEX "[date -Iseconds] SRV is alive"
fi
fi
done`

the issue I am confronted with is the iptables commands do not run as my device has nftables, and I cannot install it iptables because the kernal of my image is out of date. Is there a way to still make this work without reimaging and starting from scratch?

pavelgl · January 6, 2024, 9:00am

abwezi:

ip -D FORWARD -p tcp --dport 32400 -m state --state NEW -j LOG --log-prefix "PLEX Connection "
ip -I FORWARD -p tcp --dport 32400 -m state --state NEW -j LOG --log-prefix "PLEX Connection "

Disclaimer: Given that these commands must start with iptables, I don't know what else in this script could be wrong as well.

Here is the translation to nftables.

a=$(nft -a list chain inet fw4 forward | grep PLEX)
nft delete rule inet fw4 forward handle "${a##* }" 2>/dev/null
nft insert rule inet fw4 forward tcp dport 32400 ct state new counter log prefix \"PLEX Connection \"

abwezi · January 6, 2024, 6:29pm

It is working and I have my PC waking on LAN when the port is accessed. Unfortunately it seems that Plex periodically requests the port outside of my regular use and the PC wakes when I don't intend it to now. The IP addresses in the logs appear to be from Amazon servers that Plex uses so I'll have to find a way to either block those addresses or disable that within Plex but I have not found a correct setting there yet. Thank you

grrr2 · January 6, 2024, 7:16pm

you can use ingress interface name as additional condition:

nft insert rule inet fw4 forward iifname br-lan tcp dport 32400 ct state new counter log prefix \"PLEX Connection \"

abwezi · January 6, 2024, 7:23pm

So would that make it so only LAN devices would activate it?

grrr2 · January 6, 2024, 8:55pm

yes. the logic behind the syntax is:

# command:
nft insert rule # <-- insert a new rule

# command destination:
inet fw4 # <-- table called fw4
forward # <-- within table, chain called forward

# matching criteria:
iifname br-lan # <--  if packet coming in via interface called br-lan
tcp # <-- and if protocol is tcp
dport 32400 # <-- and if destination port is 32400
ct state new # <-- and if connection state is new

# rule action: 
counter # <-- in case of match count number of matches
log prefix \"PLEX Connection \" # <-- and trigger a log message with prefix

system · January 16, 2024, 8:58pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.