[Cerowrt-devel] Routed LANs vs WOL & Windows troubles

Alan Jenkins alan.christopher.jenkins at gmail.com
Sun Apr 12 10:18:52 EDT 2015

On 11/04/15 18:01, Kevin Darbyshire-Bryant wrote:
> Chaps,
> Newcomer to Openwrt & the Cerowrt concepts so bear with me.  I've built
> an Openwrt environment based on Archer C7 hardware and 'Cerowrt'
> principles of 'Routed LANs' for GigE LAN, Wireless LAN1 & Wireless
> LAN2.  I get the design idea of limiting broadcast/multicast traffic on
> the wireless LANs however for a vaguely technical home I'm hitting
> problems that make things 'just not work', to the extent of thinking
> about going back to bridged LAN/WLAN.  So the 3 problems in ascending
> order of annoyance/confusion.
> 1)  I've a central Windows based Home Server (WHS) with a Wake On Lan
> facility - it dozes until a client appears on LAN/WLAN, sends a WOL
> Magic packet.  Unfortunately the WOL Magic packets don't cross subnets
> and the vast majority of clients are of the wireless variety.  Some sort
> of WOL forwarding/proxying on the router would seem the way to go.  Has
> anyone been here/solved it already?

In theory wol is (optionally) used over udp.  I guess you need to set a 
static arp entry on the router.  Otherwise it will forget what the MAC 
address was for the IP you're sending to.  I've used `arp -f 
/etc/ethers` at boot on debian.  Not tested it on openwrt, or for wol 
and I know wol can be annoying.

Apple (at least used to, I read some complaints recently) got wol 
working with Mac servers, Airport routers and mdns magic; I think the 
client didn't need to know wol (maybe just required some part of 
standardized mdns or dns-sd?).  I don't expect cross-subnet clients was 
a big selling point, but it sounded like there was potential there.

Problem is home servers didn't really take off in a big way before 
Cloud, and modern products (like NAS, or my plug-computer) are lower 
power things that don't benefit so much from wol.  When/if subnetting 
gets popular I'm not sure anyone's going to be fixing up wol.  Outside 
of managing corporate PCs, hmm, where some form of "wol relay agent" 
sounds plausible enough it'll exist already.

> 2) I have a 'WSD' printer/multifunction device on the LAN, an Epson
> something or other.  It can communicate across subnets (ping) without
> issue but it always appears 'offline' as a WSD printer.  I can use the
> scanner functionality no problem at all :-)

pass :).

Printers can often be made to work without the newest stuff, e.g. you 
can try adding it's IP address with the raw INF driver file, or maybe 
setting the exact model & it'll pick up the already installed driver.

Whether there's some way to use "WS" printing over something slightly 
closer to the real W than a 1980s LAN, I don't know.

> 3) Windows and its firewall.  Windows likes its firewall on.  It only
> likes to talk to things on the local attached subnet.  Windows by
> default won't reply to pings across subnets and it certainly doesn't
> like doing file sharing.  It would be wonderful if there was a nice easy
> way (via DHCP?) of telling it 'trust 172.30.42/24' (or even my IPV6
> equivalent /56)  Has anyone else fallen in to this?  Solved it?

You only need to "unblock" on the server side, right?  Which is 
annoying, but shouldn't be too bad for someone who does WHS?  I assume 
you found a way to configure this manually, that's not your question.  I 
think there isn't a fully-automatic way to "unblock" for a home network.

Discovery & name resolution is a potential issue.

The "easy answer" is to forget discovery aka "network neighborhood" 
between different subnets.  Just use IP addresses or DNS names.  dnsmasq 
seems to take care of name resolution nicely for me, I get DNS names for 
my hosts without manually configuring dnsmasq.  If you don't use DHCP 
for the WHS (i.e. purely static IP), you'll need to add a manual entry 
to dnsmasq.  You don't get p2p name resolution (LLMNR nowadays) between 
different subnets.

Discovery is done in "enterprise", so there must be a modern mechanism. 
  I'd expect using DNS, although I think there's some craziness about 
making different things visible to different users.  I don't know how 
hard it is to admin and/or whether samba serves it.

The slightly harder answer: Samba says there's a hack for discovery[1], 
but that the best solution is to run a WINS server.  You then set a WINS 
server option in DHCP.[2]  I expect it works, but myself I've only 
really used it for name resolution in a single subnet.  (So I could 
disable a bunch of windows name-resolution broadcasts with regedit). 
Don't know if your WHS will do WINS for you, it's kinda deprecated, you 
could always run samba on the router.


> 4) (A bonus Monty Python question)  I've a second wireless access point
> at the other end of the garden, attached by a suitable length of Cat 6.
> Devices at mid travel point ideally roam from House wifi to Shed
> wifi...but now they change IP address as well.  To be honest I'm not
> sure how this actually works in a bridged environment either since the
> MAC now migrates from local wireless bridge interface to local wired
> interface and potentially back again as I wander around the garden...how
> does it really know where to send frames to this magically roaming device?

Yes they can't keep the same IP address on a different subnet :).  There 
are common cases where you don't notice and it wouldn't matter.

There are references for bridging.  Basically it's an optimization over 
flooding packets to every single port (old-style dumb hub).  As soon as 
you send a frame from your MAC, all the bridges/switches in between 
"learn" where you are now.  If the target isn't known yet, the frame is 
just flooded.

Maybe this helps: http://computer.howstuffworks.com/ethernet12.htm

> It appears a lot of 'it just works' functionality is designed for
> bridged LAN/WLAN scenarios and hates routed but maybe I've got the wrong
> end of a stick.

I think you're right & it's all built on sand :).  It's not obvious to 
me either though.  If I actually used any network devices, like you do, 
I probably wouldn't be bothering.  Not outside of r&d.

It'd be interesting if we had a simple writeup to show how more 
efficient discovery should be, and the impact on wireless to justify the 
change.  You can see in principle e.g. resolving names through dnsmasq 
instead of mdns can avoid broadcasting to everyone to get data that's 
already known by the router.  But the impact that has on wireless is 
less obvious - the broadcasts have to use a minimal wireless rate, lower 
by orders of magnitude.  And that it affects everyone in range sharing 
that channel.

And when people want to just make it work across subnets without extra 
development, they just re-implement flooding over IP.  Cough, I think I 
have Avahi configured that way on my router, for linux service 
discovery...  Optimistically, someone will get it right, standardize it 
(DNS), and then vendors _have_ to use the efficient protocol because 
that's what the routers implement.


More information about the Cerowrt-devel mailing list