I'm trying to set up a script to automatically wake up one of my computers on demand. I'm using this guide: auto_wake_on_lan but but the iptables logging rule doesn't seem to pick any packets coming from the LAN.
Is there a way to detect packets coming from one computer on the LAN with the destination also on the same LAN?
Try tcpdump
Unfortunately there isn't enough space on the router to install tcpdump 
It's TP-Link TL-WR841N
If they're both on the same link-local network segment, all you need to do is send the "magic packet". That's the standard and intended use of WOL. Any of the WOL packages should work to generate that packet for you and transmit it on the link-local network.
All that crap about forging the ARP table and weird iptables rules is a huge hack to allow outside access to send WOL packets inside.
1 Like
Yes, I know that. I can wake the target manually, but I would like to make my router automatically wake the computer whenever there is a request.
A request from where?
Edit: "WOL with both ends on LAN" suggests that both the sender and the target are on the same link.
If you're talking off-link, the only approaches I can recommend are things akin to a command-bound ssh key that executes a specific, pre-defined command (preferably with no arguments, or at least none that you do more than branch on, and absolutely none that you simply pass to an executable) on the router.
Thank you, that is the workaround that i'm currently using (running the scrpit from ssh). I just wish it could run whenever there is a packet going through LAN with the specified destination 
.
You're trying to snoop a packet on the LAN and have that trigger your router to WOL one end of the conversation? (Computer Alice on LAN sends packet to computer BOB on LAN and router Robert sees packet and sends WOL to BOB?)
Because if both ends of that "trigger" are wired, then the packet goes through the hardware switch and never gets seen by the router. I think that's what you're finding out.
3 Likes
Yes that is exactly my problem, so there is no way for the router to pick up that?
Not exactly "no way" you could for example set up port mirroring and mirror packets to the router... but you'll add a ton of CPU overhead filtering those packets and limit the bandwidth available to the CPU to do useful stuff.
You could mirror the port to a dedicated CPU (like an OrangePi board or something) and have it be your "snooper" device. That'd leave CPU and bandwidth on the router to actually do useful stuff.
If the router is the only switch in the network segment, you'd need to use tcpdump or the like to snoop all traffic. Edit: If it is not the only switch and both devices aren't directly connected to it, it won't have visibility to the traffic at all.
When Device A wants to send a packet to Device B, it looks at its ARP table for the Ethernet address of Device B. If found, it sends an Ethernet packet on the wire to that address. It never goes "through" the router portion of your OpenWrt device at all.
There's the additional complication that ARP tables "age" over many seconds -- Even with snooping, your OpenWrt router may still have an ARP entry for Device B, even if Device B has "gone to sleep".
Thank you for the explanation! I thought that all the traffic even the LAN-to-LAN traffic goes through the router( and thus trigger the iptables rules).
Hello, did you manage to solve thoe problem? I'm facing the same thing. WoL is working if packet is forwarded:
iptables -I FORWARD 1 -p tcp -d 192.168.1.195 -m limit --limit 1/min -j LOG --log-prefix "WOL_LOG: " --log-level 7
In log:
Sun May 24 07:11:44 2020 kern.debug kernel: [909749.144842] WOL_LOG: IN=eth0.2 OUT=br-lan MAC=74:da:88:ef:1c:29:44:13:d0:d0:03:84:08:00:45:00:00:56 SRC=172.104.245.130 DST=192.168.1.195 LEN=86 TOS=0x00 PREC=0x00 TTL=50 ID=37126 DF PROTO=TCP SPT=443 DPT=53970 WINDOW=14 RES=0x00 ACK PSH URGP=0
But I need something like:
iptables -A INPUT -s 192.168.1.112 -p tcp -d 192.168.1.195 -m limit --limit 1/min -j LOG --log-prefix "WOL_LOG: " --log-level 7
When SRC is 192.168.1.112 for instance.
But, it's not working 
Nothing in the log. can somebody help me setting the correct iptables rule?
thank you