Trouble connecting to an FTP site behind Asus-Merlin 380.63

[ricosauve]

Yes

Did you verify that by seeing a public address for the Asus router for WAN? (I'm sure you did, but just double checking at this point).

Yes sir! The asus router reports my wan ip on the web GUI landing page beginning with 99.x.x.x

I also just tested a old resi Cisco router (with ddwrt) and it worked! The FTP connection was good but then swapped routers to asus and it fails! Some setting in the asus is messing up?

 

[ricosauve]

I delayed a bit in answering, since the active/passive FTP setting was a better thing to investigate first.

Many internet services will blacklist IPs they view as malicious, either by themselves or by some common industry blacklists. For your Company B, they are either big enough to run their own network (like a Microsoft, Amazon) or they use the services of a provider. In the former case, the folks that run the FTP site may be subject to actions by the Security folks. In the latter case, it's their provider that may be doing the blacklisting.

Your assigned IP by your provider may have been used in the past in such a way as to end up on a blacklist. Although not static, it can be 'sticky' based on the MAC address of the first piece of hardware attached to the modem (now your router). So the idea here is to get your ISP to assign you a new IP address. There are generally two ways to do this.
- Power down your modem/router for about 1/2 hour (sometimes it takes shorter/longer, but it's more than a reboot or quick power cycle) and your ISP may assign the IP to another user and give you a different one.
- Change the MAC address of the router that is presented to the modem. You do this on the primary WAN page in the router gui, where you can specify a specific MAC address, or clone the address of the PC you are using to access the gui.

Ok thanks so much for the details.

I went to the asus wan page from my laptop and hit "clone mac". It populated the field to the left with a MAC address that I presume is my laptop and then I hit apply. I tested the FTP and it appeared to work! I rebooted the router and it still seems to work!! Unreal!
THank you!!

My only questions now would be
1). what implications are there long term in having this mac clone address?
2). Can I type any arbitrary MAC address I want into this field? I would assume the MAC address must be somehow restricted in range? Certain vendors? Certain product types? Maybe not though? I guess the ISP would not care two hoots?

3) So my isp apparently gave me a blacklisted (by company B's database) public IP?

4) I would have to present my isp with a different MAC address to force them to give me a new IP address? And this mac clone button is the way to present my isp with a new MAC address?

5)I had thought that my bridged modem still presents its MAC address for an an IP address and so swapping my router behind the modem would not change the IP given to my router. But if this is not the case then every time I hot swap the routers behind the modem, my isp must have handed me different IP's which is why the basic router worked but not my asus router? Correct?

 

[ColinTaylor]

1). what implications are there long term in having this mac clone address?

None

2). Can I type any arbitrary MAC address I want into this field? I would assume the MAC address must be somehow restricted in range? Certain vendors? Certain product types? Maybe not though? I guess the ISP would not care two hoots?

It can be more or less anything provided that it is unique to the physical network it is attached to. See here for details. There are a couple of restrictions, so if for some reason you need to create a new MAC address, to be safe I would find a real MAC address on your LAN and change octet 4 or 5.

3) So my isp apparently gave me a blacklisted (by company B's database) public IP?

Apparently so. That is not that uncommon with domestic ISPs. If an organisation sees malicious traffic repeatedly coming from an IP (think botnets, malware, etc.) they tend to block an entire range of IPs rather then one specific IP (because the IPs are dynamic and move around). It's more common to block SNMP rather than FTP though.

4) I would have to present my isp with a different MAC address to force them to give me a new IP address? And this mac clone button is the way to present my isp with a new MAC address?

Correct. The clone button will copy then MAC address of the PC you are currently using. Or you can just type an address in manually. See answer 2).

5)... then every time I hot swap the routers behind the modem, my isp must have handed me different IP's which is why the basic router worked but not my asus router? Correct?

Correct.

 

[john9527]

) I would have to present my isp with a different MAC address to force them to give me a new IP address? And this mac clone button is the way to present my isp with a new MAC address?

Correct. The clone button will copy then MAC address of the PC you are currently using. Or you can just type an address in manually. See answer 2).

Just one additional comment here....the WAN IP from your ISP is 'sticky', but not static.. It
can change without any change to the router MAC. Personal experience.....I had the same IP for about 6 months.....the ISP did some network upgrades and now I'll get a new IP address on approximately every other reboot.

 

[ricosauve]

Thanks so much to everyone who helped me. I didn't really think that there would be blacklisted IP addresses handed to me. I guess that's just the nature of the world we live in; one person can screw it up for many people.

 

[HeMaN]

Note tot myself: always ask for a double check on another server before diggin straight in
Glad you got it figured out

Verstuurd vanaf mijn A0001 met Tapatalk

 

[ricosauve]

So my isp just issued a warning about security. Ssdp vulnerability. Is this because:

I had momentarily connected my laptop direct to the bridged modem?

Or maybe because I cloned my laptop MAC on the router?

Or because the default ASUS Merlin firmware has UPnP enabled under the WAN>basic settings tab? Isn't this a big no-no to have UPnP on the WAN side??

 

[ColinTaylor]

Or because the default ASUS Merlin firmware has UPnP enabled under the WAN>basic settings tab? Isn't this a big no-no to have UPnP on the WAN side??

UPnP is not on the WAN side. You're safe. That setting refers to the NAT/port forwarding functionality.

If they detected SSDP traffic it would have been from when you connected directly to the cable modem.

EDIT: Or you've turned off the firewall on the router.