3

Right now I have a subnet of 16 IPs. I want all of the IPs to be "owned" by my firewall. I have a WatchGuard firewall statically configured with X.X.X.225, and it has X.X.X.226 - 238 as secondary IPs.

This has been working fine for a few months, but last week, I could only use the first (.225) address.

If I reconfigure my firewall to start at .226 and continue up to .238, I can only use .226.

I have tried this with multiple firewalls, both WatchGuard and Juniper.

The ISP is dumb. Does anyone know why I can only use the first IP in the range?

EDIT: When I first switched to this ISP I had the same problem. It took them 2 weeks to figure out what was wrong. They eventually made it work, but they didn't tell me what they did, and they didn't document it. Now the problem is back and they don't know how to fix it.

Campo
BLAKE

4 Answers

3

Your last comment leads me to believe it is on the ISP's end. If your settings are correct and unchanged, and a reset of the equipment does not allow for the IPs to be assigned properly, then contact your ISP and tell them it is an issue.

To be absolutely sure it is not you (always best practice before accusing others), you should directly connect a machine to the internet and try to grab a few test IPs from the non-working range. If you can get them assigned and working on a single directly connected machine, it is more than likely your configuration. If it is still causing issues, contact the ISP.

Hope this points you in the right direction to determining who is at fault. If it is on your end, update your post with some more info about that and what you have tried, and we will try to be of more assistance.

But you should first verify whose end the issue is on. If the ISP cannot handle simple ISP stuff like assigning an IP range it may be in your best interest to find a new ISP.

Campo
0

I'd also try a traceroute (tracert in Windows) to your first IP and then to ones that are not responding, to see if they are terminating at the same point and routing through to your ISP the same way, as it seems like your ISP has messed something up.

rob
0

Have you set your routes statically on the firewall? You should have something like this:

$ route all

Destination Gateway Interface

X.X.X.224 255.255.255.240 intfX

If not, try to add it:

# route add intf inet X.X.X.224 netmask 255.255.255.240 broadcast X.X.X.239

And if you did, try telling your ISP that they did not set their routes well.

Gopoi
0

I talked to the ISP again and they solved the problem by statically assigning the rest of the IPs in the ARP table. I don't know why the firewall didn't respond correctly to the ARP requests, but the issue is resolved for now.

This is how they fixed the problem the first time, but they had an outage and their router forgot about these ARP entries.

BLAKE
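
The last answer traces the fault to ARP requests for the secondary IPs going unanswered. One way to confirm that from a capture on the firewall's external interface, as an added example that is not part of the original posts: it reads `tcpdump -n arp` text output and lists addresses in the block that were asked for but never answered. The subnet 203.0.113.224/28 stands in for X.X.X.224/28, and the router address, MAC and capture lines are constructed.

```python
import ipaddress
import re

# Constructed `tcpdump -n arp` lines. 203.0.113.224/28 stands in for the
# X.X.X.224/28 block; 198.51.100.1 (upstream router) and the MAC are
# placeholders, not values from the thread.
SAMPLE_CAPTURE = """\
12:00:01.000000 ARP, Request who-has 203.0.113.225 tell 198.51.100.1, length 46
12:00:01.000210 ARP, Reply 203.0.113.225 is-at 00:00:5e:00:53:01, length 28
12:00:02.000000 ARP, Request who-has 203.0.113.226 tell 198.51.100.1, length 46
12:00:03.000000 ARP, Request who-has 203.0.113.226 tell 198.51.100.1, length 46
12:00:04.000000 ARP, Request who-has 203.0.113.230 tell 198.51.100.1, length 46
12:00:04.000190 ARP, Reply 203.0.113.230 is-at 00:00:5e:00:53:01, length 28
12:00:05.000000 ARP, Request who-has 203.0.113.238 tell 198.51.100.1, length 46
12:00:06.000000 ARP, Request who-has 192.0.2.77 tell 198.51.100.1, length 46
"""

REQUEST = re.compile(r"ARP, Request who-has (\S+)(?: \(\S+\))? tell \S+,")
REPLY = re.compile(r"ARP, Reply (\S+) is-at ([0-9a-fA-F:]{17})")

def arp_report(capture, subnet):
    """Per address in subnet: number of who-has requests and MACs that replied."""
    net = ipaddress.ip_network(subnet)
    report = {}
    for line in capture.splitlines():
        req, rep = REQUEST.search(line), REPLY.search(line)
        if not (req or rep):
            continue  # not an ARP request/reply line
        try:
            ip = ipaddress.ip_address((req or rep).group(1))
        except ValueError:
            continue  # name instead of address (capture taken without -n)
        if ip not in net:
            continue  # ARP traffic for some other subnet on the segment
        entry = report.setdefault(str(ip), {"requests": 0, "macs": set()})
        if req:
            entry["requests"] += 1
        else:
            entry["macs"].add(rep.group(2).lower())
    return report

def unanswered(report):
    """Addresses that were requested at least once and never answered."""
    silent = (ip for ip, e in report.items() if e["requests"] and not e["macs"])
    return sorted(silent, key=ipaddress.ip_address)

if __name__ == "__main__":
    report = arp_report(SAMPLE_CAPTURE, "203.0.113.224/28")
    for ip in unanswered(report):
        print(f"{ip}: {report[ip]['requests']} request(s), no reply")
```

Addresses that never appear in the capture at all are not listed; that case means the upstream router is not asking for them, which points at its routing rather than at the firewall's ARP replies.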