Help! ISP gives /30 and /27 but cannot use /27 for FTP

m400 v12.3.1

ISP gave a /30 ip block and behind is /27, i setup port 3 external as /30 and port 4 external as /27 and added a secondary IP for ftp. But i setup ftp for the /27 and i'm unable to connect. i'm able to ping it but cannot access. FTP proxy incoming has NAT from external ip of /27 to the internal IP.

Please help, is it configuration problem?

Comments

  • Normally one sets up all of the ISP subnets on the same external interface.
    Try adding the /27 IP addrs as Secondary ones on port 3, not on port 4.

  • I added the secondary ip, do I need to add the gateway for it too, or just useable? Also when I added it still cannot reach our internal ftp. =(, no logs showing that's hitting us

  • Turn on Logging on your incoming FTP policy.
    Make sure that you are using SNAT on that policy.
    Make sure that you are testing from the Internet, not from internal.
    No, you normally do not need to set up a gateway for the 2nd subnet.

    You can also test other access to that IP addr, such as HTTP - which should show a deny in Traffic Monitor.
    You can do a tracert to that IP addr from the Internet and compare it to a tracert to the /30 IP addr. If different, it could well be an ISP issue.

    If you don't see denies or allows when accessing that IP addr from the Internet, contact your ISP for help.

  • Thank you Bruce for all your advices as usual!

Sign In to comment.