Port forwarding has not worked for two days ... has the firewall been changed?

Ok - after long testing, I found the culprit.
The Firewall drops “every” packet to port 7 and 9 by default.

Solution:
An entry in /etc/sysconfig/rc.local

arp -s 192.168.x.x AA:BB:CC:DD:EE:FF

This entry causes the firewall to forward all packets to the respective computer.
Problem fixed! :+1:

So is this a bug?
This shouldn’t be required to make a port forward.

Hi @zonediver

How did you determine that this is happening? I don’t see that from your earlier logs.
Those showed that your DNAT had successfully passed and then also your FORWARDFW. If either of these had dropped the packet then you would have DROP_INPUT in the chain section for that source and destination.

That suggests that the packet passed through the firewall but then could not find the machine on your network.

The arp command is basically telling IPFire that it can find that specified MAC on the 192.168.x.x subnet, but IPFire should know that already from the DHCP settings. It is not doing anything with ports 7 or 9.

I am asking this question as I have done this myself and struggled for some time before realising the mistake I had made.

When you replaced your network card, did you update the MAC address in the DHCP entry for that computer?

If yes, then something is still peculiar here because you shouldn’t need to tell IPFire which IP address goes with which MAC address with the arp command.

How? Fairly easy: The machine didn’t wake up.
And no, there is no DHCP for this machine. It has a static IP. Maybe this is the reason…
And by the way: This entry must also be done in /etc/sysconfig/firewall.local
Then the WOL-Broadcast works :+1:

Good point. The IP address is allocated to a specific MAC address on the DHCP page.
Which would need to be updated.
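
An added example, not part of any post in this thread: a shell check of whether the firewall's neighbour table holds a permanent entry for the target machine (what `arp -s` creates) or only a dynamic, failed or missing one. The interface name `green0`, the addresses and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Classify one host's entry in `ip neigh show` output read from stdin.
# Prints: permanent | dynamic:<STATE> | unresolved:<STATE> | missing
neigh_state() {
    awk -v ip="$1" '
        $1 == ip {
            found = 1
            state = $NF              # the state is the last field on the line
            has_mac = 0
            for (i = 2; i < NF; i++) if ($i == "lladdr") has_mac = 1
            if (state == "PERMANENT") print "permanent"
            else if (has_mac)         print "dynamic:" state
            else                      print "unresolved:" state
            exit
        }
        END { if (!found) print "missing" }
    '
}

# Constructed sample in the format printed by `ip neigh show`.
SAMPLE_NEIGH='192.168.1.10 dev green0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.50 dev green0 lladdr aa:bb:cc:dd:ee:ff PERMANENT
192.168.1.60 dev green0  FAILED
192.168.1.70 dev green0 lladdr 66:77:88:99:aa:bb STALE'

# Report every host of interest, including one with no entry at all.
for host in 192.168.1.10 192.168.1.50 192.168.1.60 192.168.1.99; do
    printf '%s %s\n' "$host" \
        "$(printf '%s\n' "$SAMPLE_NEIGH" | neigh_state "$host")"
done
```

On the firewall itself, feed it live data with `ip neigh show | neigh_state <address>`.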