Post by beagle » Tue Jul 13, 2010 8:10 pm
I'm only about 60% there on this at the moment, so someone please correct me if you know better - here's what I've found out so far after much googling... which in short points to my router being the issue.
1) Consumer-grade routers deliberately stop something called a "directed IP broadcast" - basically a broadcast message command across a subnet, but initiated from another subnet, i.e. a message from the WAN (internet) instructing a broadcast message to take place on my own LAN. This type of message is apparently the basis of smurf and fraggle attacks, so routers deliberately block them. The reason this seems to affect WOL, or more specifically here "remote WOL" or "WOW" (Wake on WAN), is because the WOW packet originating from the WAN is trying to initiate a broadcast across your own local network to all local network assets, but must pass through your router to get there. Your router, of course, can't tell if this is a legitimate WOW request or a malicious attack, so it blocks it. Problem no. 1.
2) If you are able to get a packet through somehow, then the next problem people find is that WOW works for the first few minutes after switching off the target device, but then no longer. This is because a WOW packet goes to a MAC address, not an IP address. Your router stores a correlation table of MAC addresses to IP addresses in its ARP cache, which is continuously updated by live devices saying "hello" and identifying their MAC, and the router then assigning them an IP address. Now when you turn off a device, it no longer advertises itself (because it's off), so eventually the router loses sight of the MAC and thus terminates the association with an IP - by flushing the ARP cache in the router's memory every few minutes - hence again stopping WOW working, because this time the router isn't even trying to send out the magic WOW packet to the right device. Problem no. 2.
Now then, this is where I've now generated more questions than I've found answers!...
The proposed answer appears to be to buy a half-decent router that provides functionality to allow WOW magic packets through its firewall (prob 1), and permits something called "bind IP to MAC" (prob 2). I've had two options suggested to me - either a good-value "business grade" router such as a Draytek 2820 (£150-£200), or a router running some half-decent and capable firmware such as DD-WRT or Tomato. It's also worth noting that both these options also have firmware that can initiate WOL requests itself - so if you still for some reason have no joy in getting the magic packet through from the WAN, then a half-way-house option is to remotely log in to the router GUI over the internet, go to the router's WOL page, and initiate WOL from there - the router then generates its own WOL request across the LAN. I'm thus going to invest in a new router and I'll let you know how that goes in the next couple of weeks...
However, questions I now have (CAN ANYONE ANSWER?!)...
1) Why if directed IP broadcasts are generally a bad thing, would a business grade router allow them through? How can this be done safely?
2) I've personally tried sending a WOW packet direct to a specific IP address through my router's port-forwarding page - i.e. NOT a broadcast to all on the LAN, but still no joy - why?? I can see the packet on my network using a packet sniffer, so I know it's got through, but the NAS doesn't respond. My assumption is that my router has flushed its ARP cache real quick after I power off the NAS, thus the packet is on my network but no longer getting through, OR the router is still changing the packet in some way before passing it on. (Note: if I initiate WOL from the Syno App, the NAS wakes up straight away.)
3) Does anyone know if a WOL command HAS to be broadcast to all devices on a network, or can it go just to THE specific device? I.e., as a software standard, how are WOL magic packets supposed to be implemented?
As food for thought, one final thing that might work is another half-way-house option: with some routers (alas not my Linksys WAG160N), whilst the config GUI doesn't allow you to bind IP to MAC, you can apparently telnet/SSH into them and manually create a permanent static ARP assignment linking IP to MAC. My thought was then that IF a WOL magic packet can be sent to a single IP address through port forwarding, and not broadcast to all, then the router may not see it as a directed IP broadcast and thus allow the packet through. The static ARP entry would then direct it to the correct place and, fingers crossed, the NAS might fire up - just a thought.
PLEASE - I'm not a TCP/IP guru (yet anyway!), so anyone who can help or try out the above, please challenge / contribute to this thread and help see if we can get WOL working over the internet!
Thanks.
Beagle
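Added example (not part of beagle's post): the magic-packet format the post's question 3 asks about, with a builder, a validator that can be run over a payload captured with a sniffer, and the directed-broadcast address the router is said to block. The MAC and IP addresses are constructed for illustration.

```python
"""Wake-on-LAN magic packet: six 0xFF bytes followed by the target MAC
repeated 16 times, optionally followed by a 4- or 6-byte SecureOn password.
The payload rides inside a UDP datagram (commonly port 7 or 9), so it can be
addressed to the subnet's directed broadcast address or to a unicast IP.
Added example; all MACs and IPs below are constructed, not from the post."""
import ipaddress
import re

SYNC_STREAM = b"\xff" * 6  # synchronisation stream that opens every magic packet


def mac_to_bytes(mac: str) -> bytes:
    """Accept 'aa:bb:cc:dd:ee:ff', 'aa-bb-cc-dd-ee-ff' or 'aabbccddeeff'."""
    hexdigits = re.sub(r"[^0-9a-fA-F]", "", mac)
    if len(hexdigits) != 12:
        raise ValueError(f"bad MAC address: {mac!r}")
    return bytes.fromhex(hexdigits)


def build_magic_packet(mac: str, password: bytes = b"") -> bytes:
    """Build the UDP payload: sync stream + 16 copies of the MAC (+ SecureOn)."""
    if password and len(password) not in (4, 6):
        raise ValueError("SecureOn password must be 4 or 6 bytes")
    return SYNC_STREAM + mac_to_bytes(mac) * 16 + password


def parse_magic_packet(payload: bytes):
    """Return the target MAC (colon form) if payload is a well-formed magic
    packet, else None. Run this over a sniffed UDP payload to check whether
    the packet that reached the LAN is still intact, as the post tries to do."""
    if len(payload) < 6 + 6 * 16 or payload[:6] != SYNC_STREAM:
        return None
    mac = payload[6:12]
    if payload[6:6 + 6 * 16] != mac * 16:  # all 16 copies must match
        return None
    trailer = payload[6 + 6 * 16:]
    if trailer and len(trailer) not in (4, 6):  # only a SecureOn password may follow
        return None
    return ":".join(f"{b:02x}" for b in mac)


def directed_broadcast(ip: str, prefix: int) -> str:
    """The 'directed IP broadcast' address the post says routers drop when it
    arrives from the WAN: the last address of the target's subnet."""
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False).broadcast_address)


if __name__ == "__main__":
    pkt = build_magic_packet("00:11:22:33:44:55")  # constructed MAC
    print(len(pkt), parse_magic_packet(pkt), directed_broadcast("192.168.1.20", 24))
```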