2 IP addresses on external interface?

I have a Watchguard XTM with a configured external interface which works just fine. My ISP has assigned an additional /30 IP address to us which is on a completely different subnet to our /29 on the external interface.

I thought it would be a simple case to just add the additional address as a secondary address on the external interface however it wont let me add it giving the error: x.x.x.x/30 is not a valid secondary IP address.

I can see in traffic monitor that the ISP has routed the additional address to our primary address as I can see the traffic coming in but being blocked.

How do I get this to work so that I can setup rules for this new IP address for incoming traffic?

Comments

  • Add them as a /29

  • @Bruce_Briggs said:
    Add them as a /29

    Tried that and get the same problem - tell me x.x.x.x/29 is not a valid secondary network IP address

  • What is the number after the last dot of this IP addr ?

  • it's x.x.x.16

  • Very weird.

    a /31 works, but I have no idea why a /30 or a /29 does not

  • I got it to work, /31 didn't work for me but /27 did! saved, configured and my rules work... thanks Bruce, I wouldn't have thought to try other slashes.

  • OK, so here is the rational...

    x.x.x.16/30 - the valid range is x.x.x.16 - x.x.x.19
    The bottom IP addr of a range is considered the "network" IP addr and is often reserved - i.e. - not allowed
    The top IP addr of a range is considered the "broadcast" IP addr and is often reserved - i.e. - not allowed

    x.x.x.16/29 - the valid range is x.x.x.16 - x.x.x.23
    x.x.x.16/28 - the valid range is x.x.x.16 - x.x.x.31
    x.x.x.16/27 - the valid range is x.x.x.0 - x.x.x.31 Bingo

    I used the CIDR to IPv4 Conversion section of this web site:
    https://www.ipaddressguide.com

Sign In to comment.