FTP Site not accessible from work network

Facing a very strange problem from yesterday, suddenly loss connectivity with FTP site with no apparent changes to the PCs and or Firewall settings. Well the strange part is that I can successfully access and upload files from home. First thought the error is on the hosting side and submit a remedy ticket but was told that the possibility is very low since I am able to access the FTP site from home. I also contacted the ISP (Comcast) and the support tech reviewed the Business Gateway Router settings which were also deemed OK...I also did uninstall Norton Security thinking it might be the culprit but the issue remain the same i.e. not able to connect/access FTP site from Office/Work network. Any help and guidance will be appreciated.
Blue FinAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

bbaoIT ConsultantCommented:
please simply try TRACERT ftphostname command from both home and work place, and paste the results here for review. thanks.
AntzsInfrastructure ServicesCommented:
Are you able to see anything on your firewall logs?  Were you able to ping to the FTP Sites from your office network?
masnrockCommented:
I'd say there's a decent probability that your IP address is getting blocked. You just need to prove it.

Facing a very strange problem from yesterday, suddenly loss connectivity with FTP site with no apparent changes to the PCs and or Firewall settings.
Do you have a static or dynamic IP? If it's static and you have a block of addresses, try changing to another one. If that works, that proves your IP was getting blocked. That justifies a ticket right there.

Another approach would be to try rebooting the gateway, but that doesn't guarantee that your IP will change. (Would recommend working with your ISP)
IT Pros Agree: AI and Machine Learning Key

We’d all like to think our company’s data is well protected, but when you ask IT professionals they admit the data probably is not as safe as it could be.

Blue FinAuthor Commented:
@masnrock

How it can be if I am able to access all other sites....? Yes we have a static IP address we also have given static IP addresses to individual PCs

@bbao

OK let me try to get the tracert
masnrockCommented:
How it can be if I am able to access all other sites....? Yes we have a static IP address we also have given static IP addresses to individual PCs
Whether you're blocked by the host of the FTP site has nothing to do with your ability to get to other sites and services. Since your public IP address is public, do you have multiple public IP addresses? If so, can you make one host on your network NAT to one of those other address, then see what happens when that system tries to access the FTP site?

You can try tracert, but there's no guarantee that all of the systems in between will respond (it is ICMP traffic after all). (Doesn't hurt to try, but would be irresponsible of me to not at least give that warning)
Blue FinAuthor Commented:
@masnrock
I had conversation with the tech support of the hosting company (i.e. hosting our company web site, FTP and Email) and they checked we are not blocked.

Also below is the other info:

In Comcast Gateway Under Internet Settings:
Static IP Block: 20.20.20.1/24

Under Local IPv4 Settings: (Our PCs have been assigned IP addresses from this range)
IP Range (Start): 10.1.10.10
IP Range (End):10.1.10.199

Let me know if this info is helpful.

Thanks
Bluefin
masnrockCommented:
Do you have a single static public IP or a block of static public IP addresses?
Blue FinAuthor Commented:
@masnrock
Are you talking about WAN DHCP IP Address or WAN Internet IP Address? and how I can tell from the router screen it is public or static?
masnrockCommented:
It would be the settings for the WAN Internet IP address. If the address is manually configured, then it's static. If it's automatic, then it's dynamic.

Another obvious way to know is the bill. You have to pay for static IP addresses. :)
Blue FinAuthor Commented:
@masnrock
In that case yes we have a static public IP address
masnrockCommented:
I'm guessing you don't have any sort of firewall behind the Comcast gateway (let me know if you do for some reason).

Assuming that you don't....

Go into the WAN IP settings for your Comcast Gateway, and change the IP address to one of your other static addresses. Once you've done that, try visiting the same FTP site.

Warning: doing this may impact any imcoming connections from the outside (assuming you have servers behind your gateway), or may impact some of the sites you visit assuming that you use services that whitelist your public IP. Be sure to change the WAN IP address settings back once you've done your testing.
Blue FinAuthor Commented:
@bbao
Here is the tracert info:

From Work PC:

Tracing route to [206.188.192.101]
over a maximum of 30 hops:

  1     1 ms     1 ms     1 ms  10.1.10.1
  2     9 ms     8 ms     9 ms  96.120.25.221
  3    14 ms     9 ms     9 ms  68.87.209.73
  4    12 ms    12 ms    14 ms  be-111-ar01.area4.il.chicago.comcast.net [162.151.92.121]
  5    15 ms    12 ms    18 ms  be-33491-cr02.350ecermak.il.ibone.comcast.net [68.86.91.165]
  6    10 ms    13 ms    12 ms  ix-xe-8-0-0-2-0.tcore1.ct8-chicago.as6453.net [64.86.137.45]
  7    35 ms    34 ms    34 ms  if-ae-26-2.tcore2.nto-new-york.as6453.net [216.6.81.28]
  8    37 ms    38 ms    37 ms  if-ae-30-2.tcore1.aeq-ashburn.as6453.net [63.243.216.21]
  9    35 ms    43 ms    45 ms  66.198.154.82
 10    86 ms    79 ms    40 ms  107.162.79.1
 11     *        *        *     Request timed out.
 12    51 ms    55 ms    51 ms  209.17.112.34
 13     *        *        *     Request timed out.
 14    59 ms    60 ms    56 ms  vux.netsolhost.com [206.188.192.101]

Trace complete.

From Home PC:

Tracing route to [206.188.192.101]
over a maximum of 30 hops:

  1    22 ms     6 ms    27 ms  10.0.0.1
  2    17 ms    20 ms    13 ms  96.120.24.49
  3    15 ms    15 ms    17 ms  68.87.208.169
  4    25 ms    19 ms    15 ms  be-111-ar01.area4.il.chicago.comcast.net [162.151.92.121]
  5    17 ms    24 ms    25 ms  be-33491-cr02.350ecermak.il.ibone.comcast.net [68.86.91.165]
  6    14 ms    15 ms    15 ms  ix-xe-4-0-4-0.tcore1.ct8-chicago.as6453.net [64.86.137.29]
  7    56 ms    40 ms    40 ms  if-ae-26-2.tcore2.nto-new-york.as6453.net [216.6.81.28]
  8    49 ms    73 ms    43 ms  if-ae-30-2.tcore1.aeq-ashburn.as6453.net [63.243.216.21]
  9    46 ms    45 ms    38 ms  66.198.154.82
 10    39 ms    39 ms    40 ms  107.162.79.1
 11     *        *        *     Request timed out.
 12    67 ms    66 ms    55 ms  209.17.112.42
 13    56 ms    55 ms    55 ms  vux.netsolhost.com [206.188.192.101]
 14    62 ms    57 ms    53 ms  vux.netsolhost.com [206.188.192.101]

Trace complete.

Let me know if this is helpful...
Blue FinAuthor Commented:
@masnrock
I do not see under Administration (In Router where to change the Static IP Address), also I have found a listing of IP Addresses under "Permitted IP Addresses" under Remote Management Tab in the Router...
Blue FinAuthor Commented:
@masnrock
Remote Management IP are for administering the router remotely by ISP Tech support...I just find out...
masnrockCommented:
Exactly. You're looking at the wrong area. What brand/model is your gateway?
Blue FinAuthor Commented:
@masnrock
The Brand / Model is: SMC Networks / SMCD3G
masnrockCommented:
Just read the manual. You literally cannot set the WAN IP. Which means that either:
1) You only have a dynamic IP from Comcast
-- OR --
2) If you're paying for a block of static IP addresses, you're not using them

For scenario 2, the only way that you can use your static IP addresses if connecting your own router or firewall to the gateway, then configure it.
Blue FinAuthor Commented:
@masnrock

In Comcast Gateway Under Internet Settings:
Static IP Block: 20.20.20.1/24

Under Local IPv4 Settings: (Our PCs have been assigned IP addresses from this range)
DHCP IP Range (Start): 10.1.10.10
DHCP IP Range (End):10.1.10.199

and yes when I check the IP address used by my PC it is in the range 10.1.10.10 to 10.1.10.199 (Internal LAN) and the Static IP block provided is not used so now I am confused since when I tried to change the IP address of my PC to the one from the Static IP range provided I was not able to go online...pretty confusing really :-(
masnrockCommented:
We're talking about 2 very different things. I was discussing WAN IPs (would be closer to what you're talking about in Internet Settings)

The LAN IPs are different. I'm not suggesting touching those at all.

For my approach, it sounds like you're stuck. And it's going to go far outside of the scope of this question, so it would be fairer to make it a separate question.

On your router, go to Status, then look at Internet. You should see your WAN IP address there. Ask the host of the FTP site to see whether that address is blocked.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Blue FinAuthor Commented:
@masnrock

I will wait to see other response on this conversation and then probably as you mentioned open another thread.
Blue FinAuthor Commented:
@
masnrock after looking closely at the Router GUI I found out that there is no way I can tweak WAN settings; the ONLY thing I can do though is to perform a hard-reboot and sacrifice any custom settings (if any)...
Blue FinAuthor Commented:
@masnrock
So finally I came to know the IP Address is blocked, I asked Comcast to update the IP Address and they told me that they will investigate it and then update the IP Address.
masnrockCommented:
So the FTP host blocked the IP? Shouldn't they be able to unblock it in their own system?
Blue FinAuthor Commented:
@masnrock
It was not blocked by the FTP host; the block is in the middle somewhere...and COMCAST seems very keen to know WHO blocked it.

I used to www.mxtoolbox.com to check if the IP Address is indeed on some sort of blacklist and voila yes it was listed twice...
masnrockCommented:
Ah ha. Now that's very interesting. Whose blacklist did your IP end up on?
Blue FinAuthor Commented:
@masnrock
The black lists are:
1. SORBS DUHL
2. Spamhaus ZEN

And interestingly COMCAST have to hire a third party to negotiate and put your IP from Black list to White list...was wondering what a nice way to make some bucks delisting...
masnrockCommented:
The way you end up on those lists are other parties reporting.

You may want to investigate your systems just to be sure nothing was sending spam out without your knowledge....
Blue FinAuthor Commented:
@masnrock

The issue remains, how can I check if my Office network has issues vs if COMCAST specifically not letting me to access a certain FTP site.

Thanks
masnrockCommented:
Do you mean whether the issue is a Comcast wide problem or just your office network? Try accessing the FTP site from another network where you know Comcast is the ISP.

Also, did your public IP ever change?
Blue FinAuthor Commented:
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
FTP

From novice to tech pro — start learning today.