<div class="gmail_quote">On Wed, Mar 14, 2012 at 1:36 PM, Randall <span dir="ltr"><<a href="mailto:randall@songshu.org">randall@songshu.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
all works as expected only there is 1 extension that is trying to
register with a wrong password causing fail2ban to block the IP address,
normally that is ok behaviour but i have several extensions on that IP
address.<div class="HOEnZb"><div class="h5"><br></div></div></blockquote></div><br><br>First of all, white list the IP in fail2ban and you won't accidentally ban the whole office. This can be done by following this guide: <a href="http://www.fail2ban.org/wiki/index.php/Whitelist">http://www.fail2ban.org/wiki/index.php/Whitelist</a><br>
<br>Second, this is kind of outside the box thinking, so it may not work at all, but try setting the NAT on that peer to no, and then tcpdump the incoming registration attempts and see if you can see the internal private IP address of the packet. If there's a SIP helper on the far end, this may not help. Possibly, remove the secret= line from that peer in sip.conf and see if it successfully registers. Again, with the right nat= setting, you may be able to tcpdump the communication with that peer and get the private IP address so that you can then attempt narrow it down. This is not a long term solution, obviously, as it would create a gaping security hole, but it's worth a shot.<br>
<br>-- <br>Thanks,<br>--Warren Selby, dCAP<br><a href="http://www.selbytech.com" target="_blank">http://www.SelbyTech.com</a><br><br>