Carrier Grade Network Address Translation (CGNAT) is commonly used by Internet Service Providers (ISPs) to remove the need to provide dedicated IP addresses to customers. This is due to the exhaustion of the IPv4 address range.

Some ISPs are even enforcing IPv6 only and going a step further by running additional services which translate IPv6 to IPv4. These services are particularly common for 5G based home internet services.

These translation layers work quite seamlessly for many uses such as web browsing and streaming video, which covers the majority of use cases.

Unfortunately, most of these services aren’t compatible with FTP.

If you attempt to connect, your FTP client may report errors such as:

Command:   AUTH TLS
Response:  504 Command not implemented for that parameter


Command:   AUTH TLS
Response:  502-Auth command is not supported

Access may also be intermittent, working one day and not the next, and other services may be affected as well. This is a common trait of many CGNAT systems, which are essentially trying to “fake” a connection to make it work seamlessly.
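
To confirm which of these responses your connection is receiving, the following added example (not part of the original article and not Conetix tooling) reads the FTP banner, sends AUTH TLS and classifies the reply, including multi-line replies such as the "502-" form above. The sample replies are constructed, and the function names and the hostname in the comment are assumptions.

```python
import socket

# Constructed sample replies modelled on the two errors above; the "502 End"
# terminator line is invented so the multi-line form can be parsed offline.
SAMPLE_504 = ["504 Command not implemented for that parameter\r\n"]
SAMPLE_502 = ["502-Auth command is not supported\r\n", "502 End\r\n"]

def read_reply(lines):
    """Read one FTP reply from an iterator of lines; return (code, text)."""
    first = next(lines, "").rstrip("\r\n")
    if len(first) < 3 or not first[:3].isdigit():
        raise ValueError(f"not an FTP reply: {first!r}")
    code, text = first[:3], [first[4:]]
    if first[3:4] == "-":                     # multi-line reply such as "502-..."
        for line in lines:
            line = line.rstrip("\r\n")
            if line.startswith(code + " "):   # same code + space ends the reply
                text.append(line[4:])
                break
            text.append(line)
    return int(code), " ".join(t.strip() for t in text if t.strip())

def classify_auth_tls(code):
    """Map the reply code for AUTH TLS to an outcome."""
    if code == 234:
        return "accepted"    # TLS handshake can follow on the control channel
    if code in (500, 502, 504, 534):
        return "rejected"    # avoid falling back to plain FTP: login would be unencrypted
    return "unexpected"

def probe(host, port=21, timeout=10):
    """Connect, read the banner, send AUTH TLS, and classify the answer."""
    with socket.create_connection((host, port), timeout=timeout) as s, \
            s.makefile("r", encoding="latin-1", newline="\r\n") as f:
        banner = read_reply(f)
        s.sendall(b"AUTH TLS\r\n")
        code, text = read_reply(f)
    return {"banner": banner, "reply": (code, text), "result": classify_auth_tls(code)}

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                     # e.g. python check.py ftp.example.com
        print(probe(sys.argv[1]))
    else:                                     # offline: parse the constructed samples
        for sample in (SAMPLE_504, SAMPLE_502):
            code, text = read_reply(iter(sample))
            print(code, text, "->", classify_auth_tls(code))
```

Running it from the affected connection and again from a connection with a dedicated IP address shows whether the rejection only appears on the CGNAT path.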

What can I do to fix this?

Generally, you need to be on a business plan with your ISP to ensure you have a proper IP address allocated to avoid these issues.

You may also be able to opt out of any CGNAT service your ISP offers. You’ll need to contact your ISP to see if this is an option or not.

Conetix is also rolling out IPv6 to all services progressively and expects this to be complete for all services in 2025. This will avoid the requirement for CGNAT and ensure all services work for ISPs that do not allow IPv4 address allocations.
