2

After a physical move our service provider has assigned us two new static IP addresses. We are having difficulty getting any traffic whatsoever to the second address.

  • Countless hours this week on phone support with Cox who blames the Sonicwall. The are saying our Sonicwall is ARPing the entire block (proxy arp?).

  • We've done Webex sessions where the Sonicwall team pored over every setting in our router and is blaming our service provider. They say that ARPing the entire subnet is correct and that traceroutes to the two IP addresses hint at a reason for problems.

Our assignment from Cox looks like this:

  • IP1: x.y.z.75
  • IP2: x.y.z.93
  • Netmask: 255.255.255.224
  • Gatewak: x.y.z.65
  • DNS j.k.28.16, j.k.29.16

I have one network interface defined with those settings. I am able to NAT on our first IP1 address object but I am not able to NAT on our second IP2 address object.

Also the traceroute to the two different IP addresses takes different paths for the last three hops with out second IP never responding.

We are absolutely at our wits end. I think our only remaining options are:

  • Do a conference call with Cox and Sonicwall (as offered by Sonicwall)
  • Request Cox to assign new IP addresses in the hopes that they get the correct routing
  • Hard reset the router in hopes that the "one small setting somewhere affecting the proxy arp" get sets correctly

Any advice or reflections would be greatly appreciated here. Thank you

Reg Edit
  • 244
  • 2
  • 11
SixOThree
  • 182
  • 1
  • 1
  • 7
  • 2
    I would connect a second machine, an ordinary computer, by way of a switch to the external network so as to operate side-by-side with Sonicwall. I would remove the second ip assignment x.y.z.93 from the Sonicwall so as not to interfere with the test (but keep the first address operative) and assign that second address to the computer. Can Sonicwall and the other computer both do simultaneous outbound traffic? The result should tell me if the problem lies with Sonicwall of with Cox. When at wits end a simple hands-on like this usually pays off, you would get the problem isolation sorted. – ErikE May 25 '15 at 15:34

1 Answers1

1

Sounds like your netmask settings is incorrect. How large is your IP block 224 is 30 hosts if you have a few IP addresses it would be more like a 248 [cdir of 29] which is 6 hosts, 5 useful - this would account for the provider saying it is arpring the entire block.

This would also account for a different path on the last few hops.

Verify the subnet mask from the provider and settings the sonicwall

excerpt from https://www.pantz.org/software/tcpip/subnetchart.html subnet chart

/24 255.255.255.0   65536 (65534)       254
/25 255.255.255.128 131072 (131070)     126
/26 255.255.255.192 262144 (262142)     62
/27 255.255.255.224 524288 (524286)     30
/28 255.255.255.240 1048576 (1048574)   14
/29 255.255.255.248 2097152 (2097150)   6
/30 255.255.255.252 4194304 (4194302)   2
ewwhite
  • 197,159
  • 92
  • 443
  • 809
Tom Clancy
  • 129
  • 3
  • They have also told me that I may need to have two interfaces defined and they insisted after repeated questioning that both need to have a .224 subnet. This all sounds very incorrect to me. Thank you for your help. – SixOThree May 25 '15 at 17:05
  • Can you describe a little more: Did cox provide you with their router? Is the sonic wall the only router in place? Does it come directly from the cable modem to the sonic wall. Is the cable modem also a router? You can tell if the .224 subnet is correct by looking at the gateway; next hop. How many IP's are in your block? – Tom Clancy May 25 '15 at 18:05
  • The cable modem is provided by cox and is not a router. The router we purchased is NSA 220 is directly connected to modem. For some reason they have insisted we use netmask .224. This makes sense because both of IPs assigned are in that block. But it doesn't make sense with the tracert and how they now tell us we need to create two separate interfaces - one for each IP. And they are insistent that they both need to use that same netmask which afaik is not a valid configuration. I think I will try to just use netmask .252 and set up two interfaces in the sonicwall. – SixOThree May 25 '15 at 19:09
  • Assuming Cox has provided correct information in the block being continuous, the ip range and subnet mask both make sense. Until Cox provides other information, your only concern is the ip addresses assigned to you being in the same subnet as the gateway address Cox has assigned. Extending the subnet mask so as to place the gateway address on a subnet other than your assigned addresses will mean your Sonicwall cannot reach it. If Cox wishes to waste addresses that is their problem, at my place we have a couple of mostly unused C-nets assigned and a few lesser stray nets which bothers nobody. – ErikE May 30 '15 at 16:20
  • Based on this answer and its comments I would also sincerely recommend the first answer here: http://serverfault.com/questions/49765/how-does-ipv4-subnetting-work – ErikE May 30 '15 at 16:39