FTP Site not accessible from work network

Blue Fin
Blue Fin used Ask the Experts™
on
Facing a very strange problem from yesterday, suddenly loss connectivity with FTP site with no apparent changes to the PCs and or Firewall settings. Well the strange part is that I can successfully access and upload files from home. First thought the error is on the hosting side and submit a remedy ticket but was told that the possibility is very low since I am able to access the FTP site from home. I also contacted the ISP (Comcast) and the support tech reviewed the Business Gateway Router settings which were also deemed OK...I also did uninstall Norton Security thinking it might be the culprit but the issue remain the same i.e. not able to connect/access FTP site from Office/Work network. Any help and guidance will be appreciated.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
bbaoIT Consultant

Commented:
please simply try TRACERT ftphostname command from both home and work place, and paste the results here for review. thanks.
AntzsInfrastructure Services

Commented:
Are you able to see anything on your firewall logs?  Were you able to ping to the FTP Sites from your office network?
Distinguished Expert 2018

Commented:
I'd say there's a decent probability that your IP address is getting blocked. You just need to prove it.

Facing a very strange problem from yesterday, suddenly loss connectivity with FTP site with no apparent changes to the PCs and or Firewall settings.
Do you have a static or dynamic IP? If it's static and you have a block of addresses, try changing to another one. If that works, that proves your IP was getting blocked. That justifies a ticket right there.

Another approach would be to try rebooting the gateway, but that doesn't guarantee that your IP will change. (Would recommend working with your ISP)
PMI ACP® Project Management

Prepare for the PMI Agile Certified Practitioner (PMI-ACP)® exam, which formally recognizes your knowledge of agile principles and your skill with agile techniques.

Author

Commented:
@masnrock

How it can be if I am able to access all other sites....? Yes we have a static IP address we also have given static IP addresses to individual PCs

@bbao

OK let me try to get the tracert
Distinguished Expert 2018

Commented:
How it can be if I am able to access all other sites....? Yes we have a static IP address we also have given static IP addresses to individual PCs
Whether you're blocked by the host of the FTP site has nothing to do with your ability to get to other sites and services. Since your public IP address is public, do you have multiple public IP addresses? If so, can you make one host on your network NAT to one of those other address, then see what happens when that system tries to access the FTP site?

You can try tracert, but there's no guarantee that all of the systems in between will respond (it is ICMP traffic after all). (Doesn't hurt to try, but would be irresponsible of me to not at least give that warning)

Author

Commented:
@masnrock
I had conversation with the tech support of the hosting company (i.e. hosting our company web site, FTP and Email) and they checked we are not blocked.

Also below is the other info:

In Comcast Gateway Under Internet Settings:
Static IP Block: 20.20.20.1/24

Under Local IPv4 Settings: (Our PCs have been assigned IP addresses from this range)
IP Range (Start): 10.1.10.10
IP Range (End):10.1.10.199

Let me know if this info is helpful.

Thanks
Bluefin
Distinguished Expert 2018

Commented:
Do you have a single static public IP or a block of static public IP addresses?

Author

Commented:
@masnrock
Are you talking about WAN DHCP IP Address or WAN Internet IP Address? and how I can tell from the router screen it is public or static?
Distinguished Expert 2018

Commented:
It would be the settings for the WAN Internet IP address. If the address is manually configured, then it's static. If it's automatic, then it's dynamic.

Another obvious way to know is the bill. You have to pay for static IP addresses. :)

Author

Commented:
@masnrock
In that case yes we have a static public IP address
Distinguished Expert 2018

Commented:
I'm guessing you don't have any sort of firewall behind the Comcast gateway (let me know if you do for some reason).

Assuming that you don't....

Go into the WAN IP settings for your Comcast Gateway, and change the IP address to one of your other static addresses. Once you've done that, try visiting the same FTP site.

Warning: doing this may impact any imcoming connections from the outside (assuming you have servers behind your gateway), or may impact some of the sites you visit assuming that you use services that whitelist your public IP. Be sure to change the WAN IP address settings back once you've done your testing.

Author

Commented:
@bbao
Here is the tracert info:

From Work PC:

Tracing route to [206.188.192.101]
over a maximum of 30 hops:

  1     1 ms     1 ms     1 ms  10.1.10.1
  2     9 ms     8 ms     9 ms  96.120.25.221
  3    14 ms     9 ms     9 ms  68.87.209.73
  4    12 ms    12 ms    14 ms  be-111-ar01.area4.il.chicago.comcast.net [162.151.92.121]
  5    15 ms    12 ms    18 ms  be-33491-cr02.350ecermak.il.ibone.comcast.net [68.86.91.165]
  6    10 ms    13 ms    12 ms  ix-xe-8-0-0-2-0.tcore1.ct8-chicago.as6453.net [64.86.137.45]
  7    35 ms    34 ms    34 ms  if-ae-26-2.tcore2.nto-new-york.as6453.net [216.6.81.28]
  8    37 ms    38 ms    37 ms  if-ae-30-2.tcore1.aeq-ashburn.as6453.net [63.243.216.21]
  9    35 ms    43 ms    45 ms  66.198.154.82
 10    86 ms    79 ms    40 ms  107.162.79.1
 11     *        *        *     Request timed out.
 12    51 ms    55 ms    51 ms  209.17.112.34
 13     *        *        *     Request timed out.
 14    59 ms    60 ms    56 ms  vux.netsolhost.com [206.188.192.101]

Trace complete.

From Home PC:

Tracing route to [206.188.192.101]
over a maximum of 30 hops:

  1    22 ms     6 ms    27 ms  10.0.0.1
  2    17 ms    20 ms    13 ms  96.120.24.49
  3    15 ms    15 ms    17 ms  68.87.208.169
  4    25 ms    19 ms    15 ms  be-111-ar01.area4.il.chicago.comcast.net [162.151.92.121]
  5    17 ms    24 ms    25 ms  be-33491-cr02.350ecermak.il.ibone.comcast.net [68.86.91.165]
  6    14 ms    15 ms    15 ms  ix-xe-4-0-4-0.tcore1.ct8-chicago.as6453.net [64.86.137.29]
  7    56 ms    40 ms    40 ms  if-ae-26-2.tcore2.nto-new-york.as6453.net [216.6.81.28]
  8    49 ms    73 ms    43 ms  if-ae-30-2.tcore1.aeq-ashburn.as6453.net [63.243.216.21]
  9    46 ms    45 ms    38 ms  66.198.154.82
 10    39 ms    39 ms    40 ms  107.162.79.1
 11     *        *        *     Request timed out.
 12    67 ms    66 ms    55 ms  209.17.112.42
 13    56 ms    55 ms    55 ms  vux.netsolhost.com [206.188.192.101]
 14    62 ms    57 ms    53 ms  vux.netsolhost.com [206.188.192.101]

Trace complete.

Let me know if this is helpful...

Author

Commented:
@masnrock
I do not see under Administration (In Router where to change the Static IP Address), also I have found a listing of IP Addresses under "Permitted IP Addresses" under Remote Management Tab in the Router...

Author

Commented:
@masnrock
Remote Management IP are for administering the router remotely by ISP Tech support...I just find out...
Distinguished Expert 2018

Commented:
Exactly. You're looking at the wrong area. What brand/model is your gateway?

Author

Commented:
@masnrock
The Brand / Model is: SMC Networks / SMCD3G
Distinguished Expert 2018

Commented:
Just read the manual. You literally cannot set the WAN IP. Which means that either:
1) You only have a dynamic IP from Comcast
-- OR --
2) If you're paying for a block of static IP addresses, you're not using them

For scenario 2, the only way that you can use your static IP addresses if connecting your own router or firewall to the gateway, then configure it.

Author

Commented:
@masnrock

In Comcast Gateway Under Internet Settings:
Static IP Block: 20.20.20.1/24

Under Local IPv4 Settings: (Our PCs have been assigned IP addresses from this range)
DHCP IP Range (Start): 10.1.10.10
DHCP IP Range (End):10.1.10.199

and yes when I check the IP address used by my PC it is in the range 10.1.10.10 to 10.1.10.199 (Internal LAN) and the Static IP block provided is not used so now I am confused since when I tried to change the IP address of my PC to the one from the Static IP range provided I was not able to go online...pretty confusing really :-(
Distinguished Expert 2018
Commented:
We're talking about 2 very different things. I was discussing WAN IPs (would be closer to what you're talking about in Internet Settings)

The LAN IPs are different. I'm not suggesting touching those at all.

For my approach, it sounds like you're stuck. And it's going to go far outside of the scope of this question, so it would be fairer to make it a separate question.

On your router, go to Status, then look at Internet. You should see your WAN IP address there. Ask the host of the FTP site to see whether that address is blocked.

Author

Commented:
@masnrock

I will wait to see other response on this conversation and then probably as you mentioned open another thread.

Author

Commented:
@
masnrock after looking closely at the Router GUI I found out that there is no way I can tweak WAN settings; the ONLY thing I can do though is to perform a hard-reboot and sacrifice any custom settings (if any)...

Author

Commented:
@masnrock
So finally I came to know the IP Address is blocked, I asked Comcast to update the IP Address and they told me that they will investigate it and then update the IP Address.
Distinguished Expert 2018

Commented:
So the FTP host blocked the IP? Shouldn't they be able to unblock it in their own system?

Author

Commented:
@masnrock
It was not blocked by the FTP host; the block is in the middle somewhere...and COMCAST seems very keen to know WHO blocked it.

I used to www.mxtoolbox.com to check if the IP Address is indeed on some sort of blacklist and voila yes it was listed twice...
Distinguished Expert 2018

Commented:
Ah ha. Now that's very interesting. Whose blacklist did your IP end up on?

Author

Commented:
@masnrock
The black lists are:
1. SORBS DUHL
2. Spamhaus ZEN

And interestingly COMCAST have to hire a third party to negotiate and put your IP from Black list to White list...was wondering what a nice way to make some bucks delisting...
Distinguished Expert 2018

Commented:
The way you end up on those lists are other parties reporting.

You may want to investigate your systems just to be sure nothing was sending spam out without your knowledge....

Author

Commented:
@masnrock

The issue remains, how can I check if my Office network has issues vs if COMCAST specifically not letting me to access a certain FTP site.

Thanks
Distinguished Expert 2018

Commented:
Do you mean whether the issue is a Comcast wide problem or just your office network? Try accessing the FTP site from another network where you know Comcast is the ISP.

Also, did your public IP ever change?

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial