2 IP addresses on external interface?
I have a Watchguard XTM with a configured external interface which works just fine. My ISP has assigned an additional /30 IP address to us which is on a completely different subnet to our /29 on the external interface.
I thought it would be a simple case to just add the additional address as a secondary address on the external interface however it wont let me add it giving the error: x.x.x.x/30 is not a valid secondary IP address.
I can see in traffic monitor that the ISP has routed the additional address to our primary address as I can see the traffic coming in but being blocked.
How do I get this to work so that I can setup rules for this new IP address for incoming traffic?
0
Sign In to comment.
Comments
Add them as a /29
Tried that and get the same problem - tell me x.x.x.x/29 is not a valid secondary network IP address
What is the number after the last dot of this IP addr ?
it's x.x.x.16
Very weird.
a /31 works, but I have no idea why a /30 or a /29 does not
I got it to work, /31 didn't work for me but /27 did! saved, configured and my rules work... thanks Bruce, I wouldn't have thought to try other slashes.
OK, so here is the rational...
x.x.x.16/30 - the valid range is x.x.x.16 - x.x.x.19
The bottom IP addr of a range is considered the "network" IP addr and is often reserved - i.e. - not allowed
The top IP addr of a range is considered the "broadcast" IP addr and is often reserved - i.e. - not allowed
x.x.x.16/29 - the valid range is x.x.x.16 - x.x.x.23
x.x.x.16/28 - the valid range is x.x.x.16 - x.x.x.31
x.x.x.16/27 - the valid range is x.x.x.0 - x.x.x.31 Bingo
I used the CIDR to IPv4 Conversion section of this web site:
https://www.ipaddressguide.com