  1. FreePBX
  2. FREEPBX-10152

Fail2ban banning its own ip addresses


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Cannot Reproduce
    • Affects Version/s: 12
    • Fix Version/s: None
    • Component/s: Fail2Ban
    • Labels:
      None

      Description

      FreePBX Version: 6.12.65-28
      Asterisk 13.4.0

      Fail2ban is incorrectly banning the IP addresses of the FreePBX Server it's running on.

      From cli:

      <--- SIP read from UDP:62.210.250.141:5071 --->
      INVITE sip:01141445209396@107.6.xx.xxx SIP/2.0
      To: 01141445209396<sip:01141445209396@107.6.xx.xxx>
      From: 4003<sip:4003@107.6.xx.xxx>;tag=e2105358
      Via: SIP/2.0/UDP 62.210.250.141:5071;branch=z9hG4bK-3397ebb400ad1bb000169bbfb7fcf784;rport
      Call-ID: c6944e65f32efbbdbc45d8669060996d
      CSeq: 2 INVITE
      Contact: <sip:4003@62.210.250.141:5071>
      Max-Forwards: 70
      Allow: INVITE, ACK, CANCEL, BYE
      User-Agent: sipcli/v1.8
      Content-Type: application/sdp
      Authorization: Digest username="4003",realm="asterisk",nonce="5bd016b7",uri="sip:01141445209396@107.6.xx.xxx",response="757a226fca45b8f30eba70236a212ae7",algorithm=MD5
      Content-Length: 284

      v=0
      o=sipcli-Session 514273047 2086817246 IN IP4 62.210.250.141
      s=sipcli
      c=IN IP4 62.210.250.141
      t=0 0
      m=audio 5073 RTP/AVP 18 0 8 101
      a=fmtp:101 0-15
      a=rtpmap:18 G729/8000
      a=rtpmap:0 PCMU/8000
      a=rtpmap:8 PCMA/8000
      a=rtpmap:101 telephone-event/8000
      a=ptime:20
      a=sendrecv
      <------------->
      --- (13 headers 13 lines) ---
      Sending to 62.210.250.141:5071 (no NAT)
      Using INVITE request as basis request - c6944e65f32efbbdbc45d8669060996d
      No matching peer for '4003' from '62.210.250.141:5071'
      [2015-09-04 07:10:20] NOTICE[7280][C-0001329f]: chan_sip.c:25526 handle_request_invite: Failed to authenticate device 4003<sip:4003@107.6.xx.xxx>;tag=e2105358

      /var/log/asterisk/full clearly shows a number of failed attempts from 62.210.250.141

      [2015-09-04 06:42:13] VERBOSE[7280][C-00013273] chan_sip.c: No matching peer for '803' from '62.210.250.141:5075'
      [2015-09-04 06:42:13] VERBOSE[7280][C-00013273] chan_sip.c: No matching peer for '803' from '62.210.250.141:5075'
      [2015-09-04 06:42:14] VERBOSE[7280][C-00013274] chan_sip.c: No matching peer for '803' from '62.210.250.141:5108'
      [2015-09-04 06:42:14] VERBOSE[7280][C-00013274] chan_sip.c: No matching peer for '803' from '62.210.250.141:5108'
      [2015-09-04 06:42:15] VERBOSE[7280][C-00013275] chan_sip.c: No matching peer for '803' from '62.210.250.141:5070'
      [2015-09-04 06:42:15] VERBOSE[7280][C-00013275] chan_sip.c: No matching peer for '803' from '62.210.250.141:5070'
      [2015-09-04 06:42:15] VERBOSE[7280][C-00013276] chan_sip.c: No matching peer for '803' from '62.210.250.141:5077'
      [2015-09-04 06:42:15] VERBOSE[7280][C-00013276] chan_sip.c: No matching peer for '803' from '62.210.250.141:5077'
      [2015-09-04 06:42:16] VERBOSE[7280][C-00013277] chan_sip.c: No matching peer for '803' from '62.210.250.141:5090'
      [2015-09-04 06:42:16] VERBOSE[7280][C-00013277] chan_sip.c: No matching peer for '803' from '62.210.250.141:5090'
      [2015-09-04 06:42:17] VERBOSE[7280][C-00013278] chan_sip.c: No matching peer for '803' from '62.210.250.141:5096'
      [2015-09-04 06:42:17] VERBOSE[7280][C-00013278] chan_sip.c: No matching peer for '803' from '62.210.250.141:5096'
      [2015-09-04 06:42:18] VERBOSE[7280][C-00013279] chan_sip.c: No matching peer for '803' from '62.210.250.141:5071'
      [2015-09-04 06:42:18] VERBOSE[7280][C-00013279] chan_sip.c: No matching peer for '803' from '62.210.250.141:5071'
      [2015-09-04 07:10:20] VERBOSE[7280][C-0001329e] chan_sip.c: No matching peer for '4003' from '62.210.250.141:5091'
      [2015-09-04 07:10:20] VERBOSE[7280][C-0001329e] chan_sip.c: No matching peer for '4003' from '62.210.250.141:5091'
      [2015-09-04 07:10:20] VERBOSE[7280][C-0001329f] chan_sip.c: No matching peer for '4003' from '62.210.250.141:5071'
      [2015-09-04 07:10:20] VERBOSE[7280][C-0001329f] chan_sip.c: No matching peer for '4003' from '62.210.250.141:5071'
      [2015-09-04 07:10:21] VERBOSE[7280][C-000132a0] chan_sip.c: No matching peer for '4003' from '62.210.250.141:5080'
      [2015-09-04 07:10:21] VERBOSE[7280][C-000132a0] chan_sip.c: No matching peer for '4003' from '62.210.250.141:5080'
      [2015-09-04 07:10:22] VERBOSE[7280][C-000132a1] chan_sip.c: No matching peer for '4003' from '62.210.250.141:5110'
      [2015-09-04 07:10:22] VERBOSE[7280][C-000132a1] chan_sip.c: No matching peer for '4003' from '62.210.250.141:5110'
      [2015-09-04 07:10:23] VERBOSE[7280][C-000132a2] chan_sip.c: No matching peer for '4003' from '62.210.250.141:5107'
      [2015-09-04 07:10:23] VERBOSE[7280][C-000132a2] chan_sip.c: No matching peer for '4003' from '62.210.250.141:5107'
      [2015-09-04 07:10:24] VERBOSE[7280][C-000132a3] chan_sip.c: No matching peer for '4003' from '62.210.250.141:5106'
      [2015-09-04 07:10:24] VERBOSE[7280][C-000132a3] chan_sip.c: No matching peer for '4003' from '62.210.250.141:5106'
      [2015-09-04 07:10:24] VERBOSE[7280][C-000132a4] chan_sip.c: No matching peer for '4003' from '62.210.250.141:5108'
      [2015-09-04 07:10:24] VERBOSE[7280][C-000132a4] chan_sip.c: No matching peer for '4003' from '62.210.250.141:5108'

      When fail2ban creates the ban, fail2ban incorrectly bans 107.6.xx.xxx instead of 62.210.250.141.

      Chain fail2ban-SIP (2 references)
      target     prot opt source               destination
      REJECT     all  --  107.6.xx.xxx         0.0.0.0/0           reject-with icmp-port-unreachable
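
Added example, not part of the original report and not the filter shipped by FreePBX or fail2ban: in the logs above, the "Failed to authenticate device" line carries only the address from the SIP From header, while the "No matching peer" lines carry the packet source, so this sketch shows which address a rule keyed on each line type would select. The two regexes, the simplified `HOST` pattern, the helper names and the sample addresses are assumptions made for illustration.

```python
import re
from collections import Counter

# Simplified stand-in for fail2ban's <HOST> tag (IPv4 only; an assumption).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Hypothetical rules written for this example.
# LOOSE reads the address after '@' in the From URI, which the caller chooses.
LOOSE = re.compile(r"Failed to authenticate device .*@" + HOST)
# STRICT reads the address chan_sip logs as the source of the packet.
STRICT = re.compile(r"No matching peer for '[^']*' from '" + HOST + r":\d+'")

SERVER = "192.0.2.10"    # constructed: the PBX's own address
REMOTE = "198.51.100.7"  # constructed: the host sending the INVITEs


def make_log(attempts):
    """Build constructed log lines shaped like the ones in the report."""
    lines = []
    for i in range(attempts):
        ts = f"[2015-09-04 07:10:{20 + i:02d}]"
        lines.append(f"{ts} VERBOSE[7280][C-0000000{i}] chan_sip.c: "
                     f"No matching peer for '4003' from '{REMOTE}:{5071 + i}'")
        lines.append(f"{ts} NOTICE[7280][C-0000000{i}]: chan_sip.c:25526 "
                     f"handle_request_invite: Failed to authenticate device "
                     f"4003<sip:4003@{SERVER}>;tag=e2105358")
    return lines


def would_ban(lines, rule, maxretry=3, ignore=()):
    """Hosts a rule would ban: matched at least maxretry times, not ignored.

    `ignore` plays the role of fail2ban's ignoreip list.
    """
    hits = Counter()
    for line in lines:
        m = rule.search(line)
        if m and m.group("host") not in ignore:
            hits[m.group("host")] += 1
    return sorted(h for h, n in hits.items() if n >= maxretry)


if __name__ == "__main__":
    log = make_log(3)
    print("loose rule bans: ", would_ban(log, LOOSE))
    print("strict rule bans:", would_ban(log, STRICT))
    print("loose + ignore:  ", would_ban(log, LOOSE, ignore={SERVER}))
```

Because the From header is supplied by the sender, a rule that reads the address from it can be steered at any host, the server included; listing the server's own addresses in `ignoreip` only covers that one case.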


              People

              • Assignee:
                tm1000 Andrew Nagy
                Reporter:
                Hawkeye Hawkeye