In order to wake up a local NAS I require iptables to log connection attempts to the IP address of said target device. I installed kmod-br-netfilter and added net.bridge.bridge-nf-call-iptables=1 to /etc/sysctl.conf. I also added static DHCP entries for the target machine.
There is a problem with your plan, or actually two orthogonal ones.
The (typically) four LAN ports are usually bridged inside your router's hardware switch; as a consequence, the kernel (and with that the netfilter code) doesn't get to see the LAN traffic (yes, ARP requests are slightly different).
If you break up this hardware bridge and force the kernel to bridge in software, you suddenly need a lot more hardware resources to keep up.
While technically possible (with the caveats above), I don't think opening this can of worms would be a good idea.
Yes, this is indeed introducing problems that I had absolutely no knowledge about. That also explains why my attempts with ebtables were rather fruitless.
On the other hand, that would also mean that a secondary OpenWRT device dedicated to the NAS would possibly solve my issue, right? I know it would be rather silly, and just manually sending magic packets via a desktop shortcut or something would solve the issue as well. But I'm somewhat determined to find a "lazy" solution.
Small update on the issue, which turned out to be quite a ride.
Whilst messing around with the two-router setup I managed to brick my main router (WRD3600) with the wrong firmware. It then refused to accept a TFTP recovery, no matter what kind of firmware (stripped, correct bytesize) I uploaded. Thus the only way of rescue was a recovery via serial port, which was a first for me. And this one's for Google: A CH340 UART adapter doesn't work out of the box and only outputs gibberish. Probably due to some missing pull-up resistors, but I didn't bother with it because a CP2102 works just fine out of the box.
But back to the original issue: It kinda works, but I'm still experiencing seemingly odd behavior. I added these two firewall rules to see what's being logged:
However, after a certain amount of time passes, there are no new log entries being generated.
Both routers have permanent and correct ARP entries. My laptop as a client, however, did not. But once I manually added an ARP entry on that machine, the iptables entry started logging again without any flaws. Hence I'm wondering if that was the issue all along?
If this manual entry sticks and iptables keeps logging under these circumstances and with the target machine being offline, then the initial problem should be solved.
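
The idea discussed in this thread, reading the router's netfilter LOG entries and sending a Wake-on-LAN magic packet when a connection attempt to the NAS shows up, as an added Python example that is not part of the original posts. The NAS IP and MAC, the `NAS_WAKE` log prefix, the cooldown and the sample log lines are assumptions constructed for illustration.

```python
import re
import socket

# Assumptions for illustration (none of these values come from the thread).
NAS_IP = "192.168.2.10"
NAS_MAC = "00:11:22:33:44:55"
LOG_PREFIX = "NAS_WAKE"   # hypothetical --log-prefix of the LOG rule
COOLDOWN = 60.0           # seconds before another wake-up may fire

# Constructed kernel log lines in netfilter LOG format.
SAMPLE_LOG = [
    "[  100.10] NAS_WAKE IN=eth0 OUT=br-lan SRC=192.168.1.20 DST=192.168.2.10 PROTO=TCP SPT=51000 DPT=445 SYN",
    "[  101.10] NAS_WAKE IN=eth0 OUT=br-lan SRC=192.168.1.20 DST=192.168.2.10 PROTO=TCP SPT=51000 DPT=445 SYN",
    "[  200.50] NAS_WAKE IN=eth0 OUT=br-lan SRC=192.168.1.21 DST=192.168.2.99 PROTO=TCP SPT=40000 DPT=445 SYN",
    "[  300.00] NAS_WAKE IN=eth0 OUT=br-lan SRC=192.168.1.21 DST=192.168.2.10 PROTO=TCP SPT=40001 DPT=445 SYN",
]
LINE_RE = re.compile(r"\[\s*(\d+(?:\.\d+)?)\]\s+" + re.escape(LOG_PREFIX) + r"\s+(.*)")

def parse_line(line):
    """Return (uptime_seconds, fields) for a line carrying our prefix, else None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
    return float(m.group(1)), fields

def magic_packet(mac):
    """Build the 102-byte Wake-on-LAN payload: 6 x 0xFF, then the MAC 16 times."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("MAC address must be 6 bytes")
    return b"\xff" * 6 + raw * 16

def wake_times(lines, nas_ip=NAS_IP, cooldown=COOLDOWN):
    """Timestamps at which a wake-up should fire, rate-limited by cooldown."""
    fired = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None or parsed[1].get("DST") != nas_ip:
            continue
        if not fired or parsed[0] - fired[-1] >= cooldown:
            fired.append(parsed[0])
    return fired

def send_wol(mac, broadcast="255.255.255.255", port=9):
    """Broadcast the magic packet over UDP (port 9 is the usual choice)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        s.sendto(magic_packet(mac), (broadcast, port))
```

The cooldown keeps a burst of retransmitted SYNs from turning into a burst of magic packets; `send_wol` is only defined here and has to be called for each timestamp `wake_times` returns.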