Recently I tried to configure fail2ban in my PBX but the problem is that asterisk sees every extension like it is coming from the same place (same address). Well… actually in one way it is but that address is gateway and every extension registered from external is in asterisk registered like it is on that address. This means that fail2ban won’t work. It will ban gateway address every time and nothing will connect after that.
This is how report looks like in asterisk:
Name/username Host Dyn Forcerport Comedia ACL Port Status Description
1XXXX/1XXXX (Unspecified) D Yes Yes 0 Unmonitored
xxx/xxx 10.3.0.100 D Yes Yes A 2580 OK (1259 ms)
xxx (Unspecified) D Yes Yes A 0 UNKNOWN
xxx/xxx 10.3.0.100 D Yes Yes A 39734 OK (185 ms)
xxx/xxx 10.3.0.100 D Yes Yes A 48678 OK (327 ms)
xxx/xxx 10.3.0.100 D Yes Yes A 25550 OK (854 ms)
xxx/xxx 10.3.0.100 D Yes Yes A 49745 OK (869 ms)
as You can see, every extension comes from the same IP which is not the case… that IP is the router gateway. Anybody knows how to solve this?