After a whole weekend getting wake on lan over the internet working, I thought I would share the experience.
Your firewall has to have a port forward for port 9 UDP to your local broadcast address x.x.x.255, but if that doesn't work, forward it to a specific IP address. That's because a lot of routers don't allow direct broadcast due to its use in DDoS attacks and other attacks.
Also note I had to port forward 7 udp as well.
My router (a DrayTek 2820) allows broadcast but my friend's router (TP-Link 1043dn) didn't. That's how I found out about direct broadcast not working on a lot of consumer level routers. Although, I also found out if the TP-Link was re-flashed with OpenWrt or DD-WRT it would work.
If your router is WoL capable from telnet or ssh, you can run a wol up mac_address command. If the machine at that hardware address is configured for wake on lan, it will wake up from sleep or hibernate, which serves as a test from the router. So if the magic packets hit the external IP address and ports 7 and 9 UDP are opened through the firewall, WoL over the internet will work.
Wake on lan is normally configured through the BIOS, or the external BIOS if the NIC is a PCI/PCI-E add-in card. If it isn't in the BIOS, in Windows go to the properties of the NIC and you will find wake on lan settings in there. Some newer wake on lan implementations have a security feature called SecureOn.
The main problem I found is an ARP cache error where the machine to be woken is only in the ARP cache for 5 or so minutes. So the fix is to add a static ARP entry.
On my router it was ip arp add 192.168.0.80 aabbccdd (mac address). That fixed my 192.168.0.80 to wake over the internet from a web site for wake on lan over the internet (the one I used is http://wakeonlan.me/ but there are others and you should check them out first).
A lot of consumer routers need a trick to enable telnet or ssh, as it's usually disabled for the ISP's benefit to stop casual users breaking their routers by not knowing enough.
Please make very sure you actually need to do this before you begin, and start by checking a few things first. You don't want to accidentally break your router or accidentally open up a possible security threat.
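For reference, the magic packet mentioned above is six 0xFF bytes followed by the target MAC address repeated 16 times, optionally followed by a SecureOn password. The Python below is an added example, not part of the original post: it builds that payload, sends it to UDP ports 7 and 9, and checks whether a payload captured on the LAN side of a port forward is a well-formed magic packet. The function names are mine, the MAC and password values are constructed, and a 6-byte SecureOn password is assumed.

```python
import re
import socket

SYNC = b"\xff" * 6  # every magic packet starts with six 0xFF bytes


def mac_to_bytes(mac):
    """Accept aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff, aabb.ccdd.eeff or aabbccddeeff."""
    digits = re.sub(r"[:\-.]", "", mac)
    if not re.fullmatch(r"[0-9a-fA-F]{12}", digits):
        raise ValueError("not a 48-bit MAC address: %r" % mac)
    return bytes.fromhex(digits)


def build_magic_packet(mac, secureon=None):
    """Sync stream + 16 copies of the MAC, plus an optional SecureOn password."""
    payload = SYNC + mac_to_bytes(mac) * 16
    if secureon is not None:
        payload += mac_to_bytes(secureon)  # assumption: 6 bytes, written like a MAC
    return payload


def parse_magic_packet(payload):
    """Return (mac, secureon_or_None) for a well-formed payload, else None.

    Strict check for payloads as senders normally emit them: exactly
    102 bytes, or 108 bytes with a 6-byte password appended.
    """
    if len(payload) not in (102, 108) or payload[:6] != SYNC:
        return None
    mac = payload[6:12]
    if payload[6:102] != mac * 16:
        return None  # the 16 repetitions must all be identical
    fmt = lambda b: ":".join("%02x" % x for x in b)
    return fmt(mac), (fmt(payload[102:]) if len(payload) == 108 else None)


def send_magic_packet(mac, host, ports=(7, 9), secureon=None):
    """Send the packet to host on each UDP port; returns bytes sent per port."""
    payload = build_magic_packet(mac, secureon)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)  # for x.x.x.255
        return {p: s.sendto(payload, (host, p)) for p in ports}


if __name__ == "__main__":
    pkt = build_magic_packet("aa:bb:cc:dd:ee:ff")  # constructed MAC
    print(len(pkt), parse_magic_packet(pkt))
```

A MAC that is not 12 hex digits is rejected before anything is sent.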