Hi, this morning office unable to get/make calls. sip show peers shows all extensions unreachable. iptables showed the office IP address was banned for fail2ban-SIP.
/var/log/asterisk/full log showed the ban but instead of banning the IP trying to auth it banned the IP for the office where the extension is.
full-20161004:[2016-10-03 21:04:35] NOTICE[1649] chan_sip.c: Registration from ‘101 sip:[email protected]’ failed for ‘23.239.65.66:58281’ - Wrong password
To be clear here, the IP address of 23.239.65.66 SHOULD have been banned. For some reason fail2ban banned the xxx.xx.49.45
Wondering if fail2ban does something similar to sip show peers to get the IP address of the extension it thinks is sending the (wrong) password.
Looked in both /var/log/fail2ban.log and /var/log/asterisk/fail2ban* and don’t see any reference to the office IP address containing '12.39.58 other than above.