Does OpenWrt reject any port forwarding to the broadcast address?

daiaji · September 1, 2018, 11:48am

I am trying "openwrt WOL over Internet".

My IP address: 192.168.1.104/22

It seems that I can only create port forwarding to unicast addresses.

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'udp'
        option dest_port '9'
        option name 'WOL'
        option src_dport '5456'
        option dest_ip '192.168.1.104'

Forwarding to the broadcast address does not work.

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'udp'
        option dest_port '9'
        option name 'WOL'
        option src_dport '5456'
        option dest_ip '192.168.3.255'

jeff · September 1, 2018, 1:35pm

Link-local broadcast doesn't route.

See, apparently on the same topic

daiaji · September 1, 2018, 11:49pm

Can I modify the firewall configuration to make it work?

lleachii · September 2, 2018, 1:35pm

You may be able to receive and mangle the packet; but the behavior you wish to alter - is actually the nature of the subnet broadcast address.

@jeff, is there a Wake-On-LAN app for OpenWrt?

daiaji · October 14, 2018, 10:41am

@lleachii @jeff
I am trying to create a unicast IP address arp table using ip neigh add * lladdr * nud permanent dev br-lan.
But I found that it is very difficult for me to keep the flags of the arp table at 6 (this is usually the result of updating the arp cache after the terminal restarts. This will overwrite the flags of the arp table to 2)
I am using ip neigh add 192.168.1.254 lladdr ff:ff:ff:ff:ff:ff nud permanent dev br-lan

My wol is finally able to work under the WAN.

But I can't seem to find a suitable event to override the flags of the arp table to 6, which means that it is difficult to implement arp_bind using shell scripts on openwrt?

jeff · October 14, 2018, 3:03pm

It may be easier to accomplish you goal with a small executable that sends the packet you want, rather than trying to hack the ARP table. etherwake might be an option for that.

daiaji · October 23, 2018, 3:12pm

After a period of trying
I think it is too dangerous to allow the root user to log in to the terminal from the Internet.
It seems that using ip neigh add 192.168.1.254 lladdr ff:ff:ff:ff:ff:ff nud permanent dev br-lan created arp table is not so easy to age.