How to forward UDP Wake-on-Lan port to broadcast IP with IPTABLES?

Question

I'm trying to setup Wake-on-Lan for some of the LAN computers at home and it seems that I need to open a UDP port (7 or 9 being the most common) and forward all requests to the broadcast IP, which in my case is 192.168.1.255.

The problem is that my router does not allow me to forward anything to the broadcast IP.

I can connect to my router through telnet and it seems this router uses IPTABLES, but I don't know much about it or how to is.

Can someone help me out with the proper iptables commands to do what I want? Also, in case it doesn't work, the commands to put everything back would be nice too.

One last thing, rebooting the router will keep those manually added iptables entries or I would need to run them every time?

score 1 · Answer 1 · answered Feb 27 '20 at 16:31

Some routers (cisco) are able to forward directed UDP broadcast.

Linux kernel since circa version 5.0 is able to do this. You just need to specify a parameter for particular network interface:

sudo sysctl -w net.ipv4.conf.eth1.bc_forwarding=1

(Note: it seems the option net.ipv4.conf.all.bc_forwarding doesn't work)

You may save this parameter int /etc/sysctl.conf

score 1 · Answer 2 · answered May 07 '11 at 17:12

# iptables -A PREROUTING -t nat -p udp --dport 6  -d <original destination> -j DNAT --to-destination 192.168.1.255

That will take a WOL packet destined for and reroute it to the broadcast of your network.

Also if you are using a Red Hat derived system you will need to save the iptables entry using

# service iptables save

score 1 · Answer 3 · edited Apr 13 '17 at 12:37

There's a great solution using the tool socat, mentionned on this StackExchange topic:

Transform a UDP unicast packet into a broadcast?

I'm not an expert at all on this topic, so I can't elaborate, I can only quote. This solution worked great for me.

The solution mentioned by Red Tux (https://serverfault.com/a/267343/323199) doesn't work, iptables is not made to broadcast a packet. This is explained in the StackExchange topic I mentioned above.

score -1 · Answer 4 · edited Jul 21 '11 at 21:36

-1

Add something like this:

iptables -A IN_FILTER -p udp -d 10.11.11.255 -j ACCEPT -m comment --comment "Depicus WoL"

http://linux.die.net/man/8/iptables will give you the syntax

Should survive a reboot but you never can tell until you try it.

edited Jul 21 '11 at 21:36

Nate

2,161

answered Nov 06 '10 at 23:49

Depicus

139

How to forward UDP Wake-on-Lan port to broadcast IP with IPTABLES?

4 Answers4