I've been using the denyhosts software for about 8 months to block IPs that are trying to connect to my network that shouldn't be. I'm having trouble with it today for the first time and I can't track down the issue.

It is installed on the main server which is the outside IP for the network as well. This should allow me to SSH to the hostname/network IP, or the NAT IP as well. It worked fine up until this morning when I started to work on an ftp server, as far as I know I didn't make any changes that should cause problems.

hosts.deny starts with no 192.x.x.x addresses in it.
In allowed-hosts for denyhosts I have entered 192.168.1.1 so that the router should never get blocked.
I can SSH to the hostname perfectly fine, connection doesn't drop or anything.
If I SSH to the NAT address the connection hangs there while the IP address gets added to hosts.deny

I can confirm 100% that I was able to SSH to my NAT from within the network with no problem, now it seems to throw the router IP into hosts.deny if I try to connect from within the network using the NAT.

Here is the error that I get in /var/log/secure

sshd[9272]: Did not receive identification string from 192.168.1.1

I did update my system recently which may have changed the way some files behave, I will try updating Denyhosts as well. It looked like the address being blocked was an IPv6 since it was showing as:
sshd[9201]: refused connect from ::ffff:192.168.1.1 (::ffff:192.168.1.1)

I added ::ffff:192.168.1.1 to allowed-hosts and the IPv4 address wasn't added to the hosts.deny the last time I tried.

I believe the problem may be with the newest firmware for my router, I'm not 100% on that though. It's almost like the authentication isn't being carried to the router so the connection gets dropped. The IP shouldn't be blocked though because I have set it to only block after 5 attempts.