<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Hi,<div class=""><br class=""></div><div class="">I solved that on Kamailio side:<br class=""><div class=""><br class=""></div><div class=""><div style="margin: 0px; line-height: normal; font-family: Courier; color: rgb(76, 47, 45); background-color: rgb(223, 219, 196);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">onreply_route {</span></div><div style="margin: 0px; line-height: normal; font-family: Courier; color: rgb(76, 47, 45); background-color: rgb(223, 219, 196);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> ...</span></div><div style="margin: 0px; line-height: normal; font-family: Courier; color: rgb(76, 47, 45); background-color: rgb(223, 219, 196);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> if (is_method("REGISTER|INVITE")) {</span></div><div style="margin: 0px; line-height: normal; font-family: Courier; color: rgb(76, 47, 45); background-color: rgb(223, 219, 196);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> if (pcre_match("$rs", "^4..")) {</span></div><div style="margin: 0px; line-height: normal; font-family: Courier; color: rgb(76, 47, 45); background-color: rgb(223, 219, 196);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> xlog("L_INFO", "Unauthorized Request from $T_req($si)\n");</span></div><div style="margin: 0px; line-height: normal; font-family: Courier; color: rgb(76, 47, 45); background-color: rgb(223, 219, 196);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> }</span></div><div style="margin: 0px; line-height: normal; font-family: Courier; color: rgb(76, 47, 45); background-color: rgb(223, 219, 196);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> }</span></div></div><div style="margin: 0px; line-height: normal; font-family: Courier; color: rgb(76, 47, 45); background-color: rgb(223, 219, 196);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> ...</span></div><div style="margin: 0px; line-height: normal; font-family: Courier; color: rgb(76, 47, 45); background-color: rgb(223, 219, 196);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">}</span></div><div class=""><br class=""></div><div class="">Thanks!</div><div class="">Roman</div><div class=""><br class=""><div><blockquote type="cite" class=""><div class="">Am 30.11.2016 um 04:52 schrieb Sergey Safarov <<a href="mailto:s.safarov@gmail.com" class="">s.safarov@gmail.com</a>>:</div><br class="Apple-interchange-newline"><div class=""><p dir="ltr" class="">When you use kamailio then close sip interface port via iptables rules like "block all except kamailio IP where destination port 5060"<br class="">
fail2ban is not required in your case.</p><p dir="ltr" class="">Failed registration and failed INVITE authorization can be logged at kamailio configuration.</p>
<br class=""><div class="gmail_quote"><div dir="ltr" class="">ср, 30 нояб. 2016, 0:21 Steven Ayre <<a href="mailto:steveayre@gmail.com" class="">steveayre@gmail.com</a>>:<br class=""></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr" class="gmail_msg">Are you using apply-proxy-acl?<div class="gmail_msg"><br class="gmail_msg"></div><div class="gmail_msg">If not see if that helps, otherwise perhaps file a Jira to request it.</div><div class="gmail_msg"><br class="gmail_msg"></div><div class="gmail_msg">Regards,</div><div class="gmail_msg">Steve</div><div class="gmail_msg"><br class="gmail_msg"></div></div><div class="gmail_extra gmail_msg"><br class="gmail_msg"><div class="gmail_quote gmail_msg">On 29 November 2016 at 08:37, Roman Dissauer <span dir="ltr" class="gmail_msg"><<a href="mailto:roman@dissauer.net" class="gmail_msg" target="_blank">roman@dissauer.net</a>></span> wrote:<br class="gmail_msg"><blockquote class="gmail_quote gmail_msg" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Alex,<br class="gmail_msg">
<br class="gmail_msg">
I already get the original source IP into FS but I need to log unsuccessful auth attempts with original IP to block them with fail2ban.<br class="gmail_msg">
The default log message „SIP auth challenge…“ does only log the Proxy IP<br class="gmail_msg">
<span class="m_2579196760467826316HOEnZb gmail_msg"><font color="#888888" class="gmail_msg"><br class="gmail_msg">
Roman<br class="gmail_msg">
</font></span><div class="m_2579196760467826316HOEnZb gmail_msg"><div class="m_2579196760467826316h5 gmail_msg"><br class="gmail_msg">
<br class="gmail_msg">
> Am 29.11.2016 um 09:28 schrieb Alex Balashov <<a href="mailto:abalashov@evaristesys.com" class="gmail_msg" target="_blank">abalashov@evaristesys.com</a>>:<br class="gmail_msg">
><br class="gmail_msg">
> Hi Roman,<br class="gmail_msg">
><br class="gmail_msg">
> It sounds like you should just attach the original source IP as a custom SIP header on the Kamailio side:<br class="gmail_msg">
><br class="gmail_msg">
> append_hf("X-Orig-SRC-IP: $si\r\n");<br class="gmail_msg">
><br class="gmail_msg">
> You can then recover that in FreeSWITCH with ${sip_h_X-Orig-SRC-IP}.<br class="gmail_msg">
><br class="gmail_msg">
> -- Alex<br class="gmail_msg">
><br class="gmail_msg">
> --<br class="gmail_msg">
> Alex Balashov | Principal | Evariste Systems LLC<br class="gmail_msg">
><br class="gmail_msg">
> Tel: <a href="tel:%2B1-706-510-6800" value="+17065106800" class="gmail_msg" target="_blank">+1-706-510-6800</a> (direct) / <a href="tel:%2B1-800-250-5920" value="+18002505920" class="gmail_msg" target="_blank">+1-800-250-5920</a> (toll-free)<br class="gmail_msg">
> Web: <a href="http://www.evaristesys.com/" rel="noreferrer" class="gmail_msg" target="_blank">http://www.evaristesys.com/</a>, <a href="http://www.csrpswitch.com/" rel="noreferrer" class="gmail_msg" target="_blank">http://www.csrpswitch.com/</a><br class="gmail_msg">
><br class="gmail_msg">
> _________________________________________________________________________<br class="gmail_msg">
> Professional FreeSWITCH Consulting Services:<br class="gmail_msg">
> <a href="mailto:consulting@freeswitch.org" class="gmail_msg" target="_blank">consulting@freeswitch.org</a><br class="gmail_msg">
> <a href="http://www.freeswitchsolutions.com/" rel="noreferrer" class="gmail_msg" target="_blank">http://www.freeswitchsolutions.com</a><br class="gmail_msg">
><br class="gmail_msg">
> Official FreeSWITCH Sites<br class="gmail_msg">
> <a href="http://www.freeswitch.org/" rel="noreferrer" class="gmail_msg" target="_blank">http://www.freeswitch.org</a><br class="gmail_msg">
> <a href="http://confluence.freeswitch.org/" rel="noreferrer" class="gmail_msg" target="_blank">http://confluence.freeswitch.org</a><br class="gmail_msg">
> <a href="http://www.cluecon.com/" rel="noreferrer" class="gmail_msg" target="_blank">http://www.cluecon.com</a><br class="gmail_msg">
><br class="gmail_msg">
> FreeSWITCH-users mailing list<br class="gmail_msg">
> <a href="mailto:FreeSWITCH-users@lists.freeswitch.org" class="gmail_msg" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br class="gmail_msg">
> <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" class="gmail_msg" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br class="gmail_msg">
> UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" class="gmail_msg" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br class="gmail_msg">
> <a href="http://www.freeswitch.org/" rel="noreferrer" class="gmail_msg" target="_blank">http://www.freeswitch.org</a><br class="gmail_msg">
<br class="gmail_msg">
<br class="gmail_msg">
<br class="gmail_msg">
_________________________________________________________________________<br class="gmail_msg">
Professional FreeSWITCH Consulting Services:<br class="gmail_msg">
<a href="mailto:consulting@freeswitch.org" class="gmail_msg" target="_blank">consulting@freeswitch.org</a><br class="gmail_msg">
<a href="http://www.freeswitchsolutions.com/" rel="noreferrer" class="gmail_msg" target="_blank">http://www.freeswitchsolutions.com</a><br class="gmail_msg">
<br class="gmail_msg">
Official FreeSWITCH Sites<br class="gmail_msg">
<a href="http://www.freeswitch.org/" rel="noreferrer" class="gmail_msg" target="_blank">http://www.freeswitch.org</a><br class="gmail_msg">
<a href="http://confluence.freeswitch.org/" rel="noreferrer" class="gmail_msg" target="_blank">http://confluence.freeswitch.org</a><br class="gmail_msg">
<a href="http://www.cluecon.com/" rel="noreferrer" class="gmail_msg" target="_blank">http://www.cluecon.com</a><br class="gmail_msg">
<br class="gmail_msg">
FreeSWITCH-users mailing list<br class="gmail_msg">
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" class="gmail_msg" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br class="gmail_msg">
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" class="gmail_msg" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br class="gmail_msg">
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" class="gmail_msg" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br class="gmail_msg">
<a href="http://www.freeswitch.org/" rel="noreferrer" class="gmail_msg" target="_blank">http://www.freeswitch.org</a></div></div></blockquote></div><br class="gmail_msg"></div>
_________________________________________________________________________<br class="gmail_msg">
Professional FreeSWITCH Consulting Services:<br class="gmail_msg">
<a href="mailto:consulting@freeswitch.org" class="gmail_msg" target="_blank">consulting@freeswitch.org</a><br class="gmail_msg">
<a href="http://www.freeswitchsolutions.com/" rel="noreferrer" class="gmail_msg" target="_blank">http://www.freeswitchsolutions.com</a><br class="gmail_msg">
<br class="gmail_msg">
Official FreeSWITCH Sites<br class="gmail_msg">
<a href="http://www.freeswitch.org/" rel="noreferrer" class="gmail_msg" target="_blank">http://www.freeswitch.org</a><br class="gmail_msg">
<a href="http://confluence.freeswitch.org/" rel="noreferrer" class="gmail_msg" target="_blank">http://confluence.freeswitch.org</a><br class="gmail_msg">
<a href="http://www.cluecon.com/" rel="noreferrer" class="gmail_msg" target="_blank">http://www.cluecon.com</a><br class="gmail_msg">
<br class="gmail_msg">
FreeSWITCH-users mailing list<br class="gmail_msg">
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" class="gmail_msg" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br class="gmail_msg">
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" class="gmail_msg" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br class="gmail_msg">
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" class="gmail_msg" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br class="gmail_msg">
<a href="http://www.freeswitch.org/" rel="noreferrer" class="gmail_msg" target="_blank">http://www.freeswitch.org</a></blockquote></div>
_________________________________________________________________________<br class="">Professional FreeSWITCH Consulting Services: <br class=""><a href="mailto:consulting@freeswitch.org" class="">consulting@freeswitch.org</a><br class="">http://www.freeswitchsolutions.com<br class=""><br class="">Official FreeSWITCH Sites<br class="">http://www.freeswitch.org<br class="">http://confluence.freeswitch.org<br class="">http://www.cluecon.com<br class=""><br class="">FreeSWITCH-users mailing list<br class="">FreeSWITCH-users@lists.freeswitch.org<br class="">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users<br class="">UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users<br class="">http://www.freeswitch.org</div></blockquote></div><br class=""></div></div></body></html>