Blue Fin

asked on

FTP Site not accessible from work network

Facing a very strange problem since yesterday: suddenly lost connectivity with the FTP site with no apparent changes to the PCs and/or firewall settings. The strange part is that I can successfully access and upload files from home. I first thought the error was on the hosting side and submitted a remedy ticket, but was told that the possibility is very low since I am able to access the FTP site from home. I also contacted the ISP (Comcast) and the support tech reviewed the Business Gateway Router settings, which were also deemed OK. I also uninstalled Norton Security thinking it might be the culprit, but the issue remains the same, i.e. not able to connect to/access the FTP site from the office/work network. Any help and guidance will be appreciated.
bbao

Please simply try the TRACERT ftphostname command from both home and workplace, and paste the results here for review. Thanks.
Are you able to see anything on your firewall logs?  Were you able to ping to the FTP Sites from your office network?
I'd say there's a decent probability that your IP address is getting blocked. You just need to prove it.

Facing a very strange problem since yesterday: suddenly lost connectivity with the FTP site with no apparent changes to the PCs and/or firewall settings.
Do you have a static or dynamic IP? If it's static and you have a block of addresses, try changing to another one. If that works, that proves your IP was getting blocked. That justifies a ticket right there.

Another approach would be to try rebooting the gateway, but that doesn't guarantee that your IP will change. (Would recommend working with your ISP)

ASKER

@masnrock

How can it be, if I am able to access all other sites? Yes, we have a static IP address; we have also given static IP addresses to individual PCs.

@bbao

OK let me try to get the tracert
How can it be, if I am able to access all other sites? Yes, we have a static IP address; we have also given static IP addresses to individual PCs.
Whether you're blocked by the host of the FTP site has nothing to do with your ability to get to other sites and services. Since your public IP address is public, do you have multiple public IP addresses? If so, can you make one host on your network NAT to one of those other addresses, then see what happens when that system tries to access the FTP site?

You can try tracert, but there's no guarantee that all of the systems in between will respond (it is ICMP traffic after all). (Doesn't hurt to try, but would be irresponsible of me to not at least give that warning)
@masnrock
I had conversation with the tech support of the hosting company (i.e. hosting our company web site, FTP and Email) and they checked we are not blocked.

Also below is the other info:

In Comcast Gateway Under Internet Settings:
Static IP Block: 20.20.20.1/24

Under Local IPv4 Settings: (Our PCs have been assigned IP addresses from this range)
IP Range (Start): 10.1.10.10
IP Range (End):10.1.10.199

Let me know if this info is helpful.

Thanks
Bluefin
Do you have a single static public IP or a block of static public IP addresses?
@masnrock
Are you talking about the WAN DHCP IP Address or the WAN Internet IP Address? And how can I tell from the router screen whether it is public or static?
It would be the settings for the WAN Internet IP address. If the address is manually configured, then it's static. If it's automatic, then it's dynamic.

Another obvious way to know is the bill. You have to pay for static IP addresses. :)
@masnrock
In that case yes we have a static public IP address
I'm guessing you don't have any sort of firewall behind the Comcast gateway (let me know if you do for some reason).

Assuming that you don't....

Go into the WAN IP settings for your Comcast Gateway, and change the IP address to one of your other static addresses. Once you've done that, try visiting the same FTP site.

Warning: doing this may impact any incoming connections from the outside (assuming you have servers behind your gateway), or may impact some of the sites you visit, assuming that you use services that whitelist your public IP. Be sure to change the WAN IP address settings back once you've done your testing.
@bbao
Here is the tracert info:

From Work PC:

Tracing route to [206.188.192.101]
over a maximum of 30 hops:

  1     1 ms     1 ms     1 ms  10.1.10.1
  2     9 ms     8 ms     9 ms  96.120.25.221
  3    14 ms     9 ms     9 ms  68.87.209.73
  4    12 ms    12 ms    14 ms  be-111-ar01.area4.il.chicago.comcast.net [162.151.92.121]
  5    15 ms    12 ms    18 ms  be-33491-cr02.350ecermak.il.ibone.comcast.net [68.86.91.165]
  6    10 ms    13 ms    12 ms  ix-xe-8-0-0-2-0.tcore1.ct8-chicago.as6453.net [64.86.137.45]
  7    35 ms    34 ms    34 ms  if-ae-26-2.tcore2.nto-new-york.as6453.net [216.6.81.28]
  8    37 ms    38 ms    37 ms  if-ae-30-2.tcore1.aeq-ashburn.as6453.net [63.243.216.21]
  9    35 ms    43 ms    45 ms  66.198.154.82
 10    86 ms    79 ms    40 ms  107.162.79.1
 11     *        *        *     Request timed out.
 12    51 ms    55 ms    51 ms  209.17.112.34
 13     *        *        *     Request timed out.
 14    59 ms    60 ms    56 ms  vux.netsolhost.com [206.188.192.101]

Trace complete.

From Home PC:

Tracing route to [206.188.192.101]
over a maximum of 30 hops:

  1    22 ms     6 ms    27 ms  10.0.0.1
  2    17 ms    20 ms    13 ms  96.120.24.49
  3    15 ms    15 ms    17 ms  68.87.208.169
  4    25 ms    19 ms    15 ms  be-111-ar01.area4.il.chicago.comcast.net [162.151.92.121]
  5    17 ms    24 ms    25 ms  be-33491-cr02.350ecermak.il.ibone.comcast.net [68.86.91.165]
  6    14 ms    15 ms    15 ms  ix-xe-4-0-4-0.tcore1.ct8-chicago.as6453.net [64.86.137.29]
  7    56 ms    40 ms    40 ms  if-ae-26-2.tcore2.nto-new-york.as6453.net [216.6.81.28]
  8    49 ms    73 ms    43 ms  if-ae-30-2.tcore1.aeq-ashburn.as6453.net [63.243.216.21]
  9    46 ms    45 ms    38 ms  66.198.154.82
 10    39 ms    39 ms    40 ms  107.162.79.1
 11     *        *        *     Request timed out.
 12    67 ms    66 ms    55 ms  209.17.112.42
 13    56 ms    55 ms    55 ms  vux.netsolhost.com [206.188.192.101]
 14    62 ms    57 ms    53 ms  vux.netsolhost.com [206.188.192.101]

Trace complete.

Let me know if this is helpful...
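
Reading the two traces posted above side by side, as an added example that is not part of the original thread: the parser and comparison below use an excerpt of the posted hops, and the function names are illustrative. Both traces reach 206.188.192.101 and go silent at the same hop, so routing to the host is intact from both networks; tracert only shows ICMP reachability and says nothing about whether the FTP control connection on TCP port 21 is being filtered.

```python
import re

HOP = re.compile(r"^\s*(\d+)\s+(.+?)\s*$")
IPV4 = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})\]?$")

# Excerpt of the traces posted in the thread (hops 1, 4, 11, 12 and 14 only).
WORK = """
  1     1 ms     1 ms     1 ms  10.1.10.1
  4    12 ms    12 ms    14 ms  be-111-ar01.area4.il.chicago.comcast.net [162.151.92.121]
 11     *        *        *     Request timed out.
 12    51 ms    55 ms    51 ms  209.17.112.34
 14    59 ms    60 ms    56 ms  vux.netsolhost.com [206.188.192.101]
"""
HOME = """
  1    22 ms     6 ms    27 ms  10.0.0.1
  4    25 ms    19 ms    15 ms  be-111-ar01.area4.il.chicago.comcast.net [162.151.92.121]
 11     *        *        *     Request timed out.
 12    67 ms    66 ms    55 ms  209.17.112.42
 14    62 ms    57 ms    53 ms  vux.netsolhost.com [206.188.192.101]
"""

def parse_tracert(text):
    """Return {hop_number: ip or None} from Windows tracert output (None = no reply)."""
    hops = {}
    for line in text.splitlines():
        m = HOP.match(line)
        if not m:
            continue  # headers, blank lines, "Trace complete."
        ip = IPV4.search(m.group(2))
        hops[int(m.group(1))] = ip.group(1) if ip else None
    return hops

def compare(a, b, dest):
    """Summarise two traces to the same destination."""
    shared = [h for h in sorted(a) if h in b]
    return {
        "both_reach_dest": dest in a.values() and dest in b.values(),
        "silent_in_both": [h for h in shared if a[h] is None and b[h] is None],
        "differing_hops": [h for h in shared if a[h] != b[h]],
    }

if __name__ == "__main__":
    print(compare(parse_tracert(WORK), parse_tracert(HOME), "206.188.192.101"))
```

A hop that times out in both traces is a router that does not answer the probes, not a block on the office address.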
@masnrock
I do not see where to change the Static IP Address under Administration in the router; also, I have found a listing of IP addresses under "Permitted IP Addresses" under the Remote Management tab in the router...
@masnrock
Remote Management IPs are for administering the router remotely by ISP tech support...I just found out...
Exactly. You're looking at the wrong area. What brand/model is your gateway?
@masnrock
The Brand / Model is: SMC Networks / SMCD3G
Just read the manual. You literally cannot set the WAN IP. Which means that either:
1) You only have a dynamic IP from Comcast
-- OR --
2) If you're paying for a block of static IP addresses, you're not using them

For scenario 2, the only way that you can use your static IP addresses is by connecting your own router or firewall to the gateway, then configuring it.
@masnrock

In Comcast Gateway Under Internet Settings:
Static IP Block: 20.20.20.1/24

Under Local IPv4 Settings: (Our PCs have been assigned IP addresses from this range)
DHCP IP Range (Start): 10.1.10.10
DHCP IP Range (End):10.1.10.199

and yes when I check the IP address used by my PC it is in the range 10.1.10.10 to 10.1.10.199 (Internal LAN) and the Static IP block provided is not used so now I am confused since when I tried to change the IP address of my PC to the one from the Static IP range provided I was not able to go online...pretty confusing really :-(
ASKER CERTIFIED SOLUTION
masnrock
@masnrock

I will wait to see other response on this conversation and then probably as you mentioned open another thread.
@masnrock
After looking closely at the Router GUI I found out that there is no way I can tweak WAN settings; the ONLY thing I can do though is to perform a hard-reboot and sacrifice any custom settings (if any)...
@masnrock
So finally I came to know the IP Address is blocked, I asked Comcast to update the IP Address and they told me that they will investigate it and then update the IP Address.
So the FTP host blocked the IP? Shouldn't they be able to unblock it in their own system?
@masnrock
It was not blocked by the FTP host; the block is in the middle somewhere...and COMCAST seems very keen to know WHO blocked it.

I used www.mxtoolbox.com to check if the IP Address is indeed on some sort of blacklist and voila, yes, it was listed twice...
Ah ha. Now that's very interesting. Whose blacklist did your IP end up on?
@masnrock
The black lists are:
1. SORBS DUHL
2. Spamhaus ZEN

And interestingly COMCAST have to hire a third party to negotiate and put your IP from Black list to White list...was wondering what a nice way to make some bucks delisting...
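
What a blacklist checker such as the one mentioned above does for each list, as an added example that is not part of the original thread: a DNSBL is queried by reversing the IPv4 octets, appending the list's zone, and reading the returned 127.0.0.x address as a listing code. The function names, the injected resolver and the sample address 192.0.2.99 are constructed for illustration; the code table covers Spamhaus ZEN only.

```python
import ipaddress
import socket

# Spamhaus ZEN answer codes (subset); other lists define their own codes.
ZEN_CODES = {
    "127.0.0.2": "SBL: spam source",
    "127.0.0.3": "SBL CSS: snowshoe spam source",
    "127.0.0.4": "XBL: exploited or infected host",
    # PBL is a policy listing of ranges not expected to send mail directly.
    "127.0.0.10": "PBL: end-user range, listed by the ISP",
    "127.0.0.11": "PBL: end-user range, listed by Spamhaus",
}

def dnsbl_query_name(ip, zone="zen.spamhaus.org"):
    """192.0.2.99 -> 99.2.0.192.<zone>; raises ValueError for a non-IPv4 string."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def interpret(answers):
    """Translate A-record answers into listing names."""
    out = []
    for a in answers:
        if a.startswith("127.255.255."):
            # Error range: the list refused the query (for example because it
            # arrived through a public resolver). This is not a verdict.
            out.append("ERROR: query refused, not a listing")
        else:
            out.append(ZEN_CODES.get(a, "listed, code not in this table: " + a))
    return out

def check(ip, zone="zen.spamhaus.org", resolver=socket.gethostbyname_ex):
    """Return listing descriptions; an empty list means no listing was reported."""
    try:
        _, _, answers = resolver(dnsbl_query_name(ip, zone))
    except (socket.gaierror, socket.herror):
        return []  # NXDOMAIN (or a failed lookup): nothing reported
    return interpret(answers)

if __name__ == "__main__":
    # Constructed answer so the demo runs offline; drop `resolver=` for a live query.
    fake = lambda name: (name, [], ["127.0.0.11"])
    print(dnsbl_query_name("192.0.2.99"), check("192.0.2.99", resolver=fake))
```

The returned code matters for triage: a PBL answer describes the address range, while SBL and XBL answers point at observed activity from the address itself.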
The way you end up on those lists is other parties reporting.

You may want to investigate your systems just to be sure nothing was sending spam out without your knowledge....
@masnrock

The issue remains: how can I check if my office network has issues vs. if COMCAST is specifically not letting me access a certain FTP site?

Thanks
Do you mean whether the issue is a Comcast wide problem or just your office network? Try accessing the FTP site from another network where you know Comcast is the ISP.

Also, did your public IP ever change?