Zovirl Industries

Mark Ivey’s weblog

How to Set Up the Wake-On-Lan Proxy On Bering firewalls

Want to remotely access computers behind your Bering firewall, but they aren’t turned on? You need the Wake-On-Lan Proxy written by Ken Yap.

Wake-On-Lan (WOL) is a technology that lets you turn on a computer on your network by sending a special packet to it over the network. The WOL proxy makes it easy to send these packets to your network from anywhere on the Internet, securely. It consists of a server (wold) and a client (wolc.pl). When the client sends the right password to the server, the server sends a WOL packet to the target computer.

If you want to set this up on your Bering firewall, first get WOL working. It is hard to debug, so it is best to get this out of the way before you add the proxy into the mix.

  1. Load the etherw package onto your firewall. This lets you send WOL packets when you are logged into the firewall.
  2. Make sure the target computer supports WOL and has it enabled in the BIOS.
  3. The OS on the target machine has to leave the network card in a WOL-ready state when it shuts down. Instructions for Linux and Windows. Here is how I set up my Shuttle SK41G for WOL.
  4. Turn off the target machine and send a WOL packet from the firewall:
    ether-wake 00:AA:BB:CC:DD:EE -i eth1
    

    The target machine should turn on.

Once you have basic WOL working, it is time to set up the proxy:

  1. Load the wold.lrp package onto the firewall
  2. Go into “lrcfg” -> “packages” -> “wold” to edit the configuration file (/etc/wold.conf). Add the target machine’s MAC address, name, and password. You will need the same configuration file for the client.
  3. Add wold to the list of services (/etc/services) and give it a port number:
    ...
    # Local services
    wold 54321/tcp  # WOL proxy
    wold 54321/udp # WOL proxy
    ...
    
  4. Configure inetd.conf to run wold when the client connects.
    ...
    wold stream tcp nowait sh-httpd /usr/sbin/tcpd /usr/sbin/wold \
       -f /etc/wold.conf -i 192.168.1.255 -p 54321
    ...
    

    Restart inetd (run svi inetd restart).

  5. Configure hosts.allow to allow machines to connect to the firewall
    ...
    wold: ALL
    ...
    
  6. Edit the shorewall rules file to allow incoming wold connections from the local network and the internet, and to allow outgoing WOL packets to the local network.
    ...
    # Allow WOLD requests to the firewall from anywhere,
    # Allow WOLD magic packets from the firewall to local
    ACCEPT loc fw tcp 54321
    ACCEPT net fw tcp 54321
    ACCEPT fw loc udp 54321
    ...
    

    Restart shorewall (run svi shorewall restart).

  7. Back up all the Bering packages you changed (wold, shorewall, etc.).
  8. Grab the client (it is in the WOL proxy package, found here) and set it up with the same configuration file you used on the server (you can remove passwords if you want to be prompted). Run it like this:
    $ ./wolc.pl -f wold.conf 192.168.1.254:54321 computer_name
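
If the client reports success but the target stays off, it helps to see what the firewall actually put on the wire. The listener below is an added example, not part of the original post or of the WOL proxy package: run it on any powered-on machine on the local network and it prints the MAC address each received magic packet targets. It assumes wold sends the standard magic-packet layout (six 0xFF bytes, then the MAC repeated 16 times) as a UDP broadcast to port 54321, as the -i/-p options and the shorewall rule above suggest; the function names are made up for this example.

```python
import socket

SYNC = b"\xff" * 6  # a magic packet starts with six 0xFF bytes
WOLD_PORT = 54321   # UDP port from the shorewall rule (fw -> loc)


def parse_mac(text):
    """Convert 'AA:BB:CC:DD:EE:FF' (':' or '-' separated) to 6 raw bytes."""
    parts = text.strip().replace("-", ":").split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError("not a MAC address: %r" % text)
    mac = bytes.fromhex("".join(parts))  # raises ValueError on non-hex digits
    if len(mac) != 6:
        raise ValueError("not a MAC address: %r" % text)
    return mac


def build_magic_packet(mac_text):
    """Standard layout: sync stream, then the target MAC repeated 16 times."""
    return SYNC + parse_mac(mac_text) * 16


def magic_packet_target(payload):
    """Return the MAC a payload would wake, or None if it is not a magic packet.

    The sync stream may start at any offset, so scan for it rather than
    assuming byte 0. Truncated packets (fewer than 16 repeats) are rejected.
    """
    start = payload.find(SYNC)
    while start != -1:
        mac = payload[start + 6:start + 12]
        if len(mac) == 6 and payload[start + 6:start + 102] == mac * 16:
            return ":".join("%02X" % b for b in mac)
        start = payload.find(SYNC, start + 1)
    return None


def listen(port=WOLD_PORT):
    """Print the target of every magic packet received on the UDP port."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("", port))
        while True:
            payload, (src, _) = sock.recvfrom(2048)
            target = magic_packet_target(payload)
            print(src, "->", target or "not a magic packet (%d bytes)" % len(payload))


if __name__ == "__main__":
    listen()
```

Compare the printed MAC with the entry in /etc/wold.conf; if nothing is printed at all, the packet is being dropped before it reaches the local network (check the fw -> loc rule).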