X-Git-Url: https://www.tinc-vpn.org/git/browse?a=blobdiff_plain;f=examples%2Fsimple-bridging-with-dhcp-server-side.mdwn;h=8ef726d9b1a2468450794986620935d29e3f7d7c;hb=HEAD;hp=410e223d0691020b442568856789068cc0afd63f;hpb=1a9528ec4637523bc9f738fc1e03f3b9b4fe05e7;p=wiki
diff --git a/examples/simple-bridging-with-dhcp-server-side.mdwn b/examples/simple-bridging-with-dhcp-server-side.mdwn
index 410e223..8ef726d 100644
--- a/examples/simple-bridging-with-dhcp-server-side.mdwn
+++ b/examples/simple-bridging-with-dhcp-server-side.mdwn
@@ -1,312 +1,325 @@ -# Company: PowerCraft Technology -# Author: Copyright Jelle de Jong -# Note: Please send me an email if you enhanced the document -# Date: 2010-05-24 -# License: CC-BY-SA - -# This document is free documentation; you can redistribute it and/or -# modify it under the terms of the Creative Commons Attribution Share -# Alike as published by the Creative Commons Foundation; either version -# 3.0 of the License, or (at your option) any later version. -# -# This document is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# Creative Commons BY-SA License for more details. -# -# http://creativecommons.org/licenses/by-sa/ - -#----------------------------------------------------------------------- - -# for commercial support contact me, part of the revenue go back to tinc - -#----------------------------------------------------------------------- - -# http://www.tinc-vpn.org/ -# http://www.tinc-vpn.org/examples/bridging -# http://www.tinc-vpn.org/documentation/tinc_toc - -#----------------------------------------------------------------------- - -# <@guus> Well all the tinc daemons together act like a single switcch -# <@guus> And each node in the VPN is connected to a port of that switch -# <@guus> And if you bridge the VPN interface with eth0, then it's like you plug a cable in a port of your eth0 LAN and the other end of that cable into the tinc switch - -#----------------------------------------------------------------------- - -unset LANG LANGUAGE LC_ALL -apt-get update; apt-get dist-upgrade - -apt-cache show tinc -apt-get install tinc -apt-get install bridge-utils - -#----------------------------------------------------------------------- - -/etc/init.d/tinc stop - -#----------------------------------------------------------------------- - -# ls -hal /dev/net/tun -crw-rw-rw- 1 root root 10, 200 May 20 20:07 /dev/net/tun 
- -# grep tinc /etc/services -tinc 655/tcp # tinc control port -tinc 655/udp - -cat /usr/share/doc/tinc/README.Debian -zcat /usr/share/doc/tinc/README.gz | less -zcat /usr/share/doc/tinc/NEWS.gz | less -cat /usr/share/doc/tinc/examples/tinc-up -w3m /usr/share/doc/tinc/tinc_0.html - -cat /etc/default/tinc -less /etc/init.d/tinc - -#----------------------------------------------------------------------- - -vim /etc/default/tinc -EXTRA="-d" -cat /etc/default/tinc - -#----------------------------------------------------------------------- - -cat /etc/tinc/nets.boot -echo 'powercraft01' | tee --append /etc/tinc/nets.boot -cat /etc/tinc/nets.boot - -#----------------------------------------------------------------------- - -ls -hal /etc/tinc/scallab01/ -mkdir --verbose /etc/tinc/powercraft01/ -mkdir --verbose /etc/tinc/powercraft01/hosts/ -touch /etc/tinc/powercraft01/tinc.conf - -#----------------------------------------------------------------------- - -vim /etc/network/interfaces - -# tinc-vpn: dhcp bridge -auto br0 - iface br0 inet static - address 192.168.3.1 - netmask 255.255.255.0 -# pre-up /sbin/ifconfig eth2 hw ether 00:1b:21:61:af:d7 -# pre-up /sbin/ifconfig eth2 0.0.0.0 -# bridge_ports eth2 - bridge_ports tun1 - bridge_maxwait 1 - bridge_fd 2.5 - -cat /etc/network/interfaces - -#----------------------------------------------------------------------- - -echo 'interface "br0" { - request subnet-mask, broadcast-address, time-offset, - host-name, netbios-scope, interface-mtu, ntp-servers; -}' | tee --append /etc/dhcp3/dhclient.conf - -cat /etc/dhcp3/dhclient.conf - -#----------------------------------------------------------------------- - -vim /etc/dhcp3/dhcpd.conf - -subnet 192.168.3.0 netmask 255.255.255.0 { - range 192.168.3.200 192.168.3.240; - option routers 192.168.3.1; - option domain-name-servers 192.168.3.1; -} - -#----------------------------------------------------------------------- - -ifdown br0 -ifup br0 - 
-#----------------------------------------------------------------------- - -vim /etc/default/dhcp3-server - INTERFACES="vlan2 eth0 br0" # add the br0 to the correct location - -/etc/init.d/dhcp3-server restart -ps aux | grep dhcp -tail -n 400 -f /var/log/syslog - -#----------------------------------------------------------------------- - -ifconfig br0 -route -n -brctl show - -#----------------------------------------------------------------------- - -# ifconfig br0 -br0 Link encap:Ethernet HWaddr 00:00:00:00:00:00 - inet addr:192.168.3.1 Bcast:192.168.3.255 Mask:255.255.255.0 - inet6 addr: fe80::dc56:d3ff:fe1a:31df/64 Scope:Link - UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 - RX packets:12 errors:0 dropped:0 overruns:0 frame:0 - TX packets:14 errors:0 dropped:0 overruns:0 carrier:0 - collisions:0 txqueuelen:0 - RX bytes:2568 (2.5 KB) TX bytes:1536 (1.5 KB) - -# route -n -Kernel IP routing table -Destination Gateway Genmask Flags Metric Ref Use Iface -192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 br0 -192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan2 -192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 -84.245.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 -0.0.0.0 84.245.3.1 0.0.0.0 UG 100 0 0 eth1 - -# brctl show -bridge name bridge id STP enabled interfaces -br0 8000.000000000000 no - -#----------------------------------------------------------------------- - -echo 'AddressFamily = ipv4 -Device = /dev/net/tun -Interface = tun1 -Mode = switch -Name = server01' | tee /etc/tinc/powercraft01/tinc.conf - -cat /etc/tinc/powercraft01/tinc.conf -chmod 640 /etc/tinc/powercraft01/tinc.conf -ls -hal /etc/tinc/powercraft01/tinc.conf - -echo '#!/bin/sh -ifconfig $INTERFACE 0.0.0.0 -brctl addif br0 $INTERFACE' | tee /etc/tinc/powercraft01/tinc-up - -cat /etc/tinc/powercraft01/tinc-up -chmod 750 /etc/tinc/powercraft01/tinc-up -ls -hal /etc/tinc/powercraft01/tinc-up - -echo '#!/bin/sh -brctl delif br0 $INTERFACE -ifconfig $INTERFACE down' | tee /etc/tinc/powercraft01/tinc-down - -cat 
/etc/tinc/powercraft01/tinc-down -chmod 750 /etc/tinc/powercraft01/tinc-down -ls -hal /etc/tinc/powercraft01/tinc-down - -#----------------------------------------------------------------------- - -rm /etc/tinc/powercraft01/rsa_key.priv -rm /etc/tinc/powercraft01/hosts/server01 -tincd -n powercraft01 -K - -#----------------------------------------------------------------------- - -getent services | grep 656 - -#----------------------------------------------------------------------- - -vim /etc/tinc/powercraft01/hosts/server01 - -# add on head of file -Compression = 9 -PMTU = 1492 -PMTUDiscovery = yes -Port = 656 - -cat /etc/tinc/powercraft01/hosts/server01 - -#----------------------------------------------------------------------- - -/etc/init.d/tinc stop -fg -/usr/sbin/tincd --net powercraft01 --no-detach --debug=5 - -#----------------------------------------------------------------------- - -/etc/init.d/tinc restart -tail --line=500 --follow /var/log/syslog - -#----------------------------------------------------------------------- - -ifconfig br0 -ifconfig tun1 -route -n -brctl show br0 -brctl showmacs br0 - -#----------------------------------------------------------------------- - -# ifconfig br0 -br0 Link encap:Ethernet HWaddr 1e:eb:95:c3:04:d8 - inet addr:192.168.3.1 Bcast:192.168.3.255 Mask:255.255.255.0 - inet6 addr: fe80::dc56:d3ff:fe1a:31df/64 Scope:Link - UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 - RX packets:17 errors:0 dropped:0 overruns:0 frame:0 - TX packets:20 errors:0 dropped:0 overruns:0 carrier:0 - collisions:0 txqueuelen:0 - RX bytes:3328 (3.3 KB) TX bytes:2408 (2.4 KB) - -# ifconfig tun1 -tun1 Link encap:Ethernet HWaddr 1e:eb:95:c3:04:d8 - inet6 addr: fe80::1ceb:95ff:fec3:4d8/64 Scope:Link - UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 - RX packets:8 errors:0 dropped:0 overruns:0 frame:0 - TX packets:12 errors:0 dropped:0 overruns:0 carrier:0 - collisions:0 txqueuelen:500 - RX bytes:2627 (2.6 KB) TX bytes:1340 (1.3 KB) - -# route -n 
-Kernel IP routing table -Destination Gateway Genmask Flags Metric Ref Use Iface -192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 br0 -192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan2 -192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 -84.245.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 -0.0.0.0 84.245.3.1 0.0.0.0 UG 100 0 0 eth1 - -# brctl show br0 -bridge name bridge id STP enabled interfaces -br0 8000.1eeb95c304d8 no tun1 - -# brctl showmacs br0 -port no mac addr is local? ageing timer - 1 1e:eb:95:c3:04:d8 yes 0.00 - 1 86:03:27:21:2e:60 no 44.19 - -#----------------------------------------------------------------------- - -ps aux | grep tincd -tincd -n powercraft01 -kUSR2 -tail -n 100 /var/log/syslog - -#----------------------------------------------------------------------- - -May 24 17:29:31 ashley tinc.powercraft01[11557]: Statistics for Linux tun/tap device (tap mode) /dev/net/tun: -May 24 17:29:31 ashley tinc.powercraft01[11557]: total bytes in: 468 -May 24 17:29:31 ashley tinc.powercraft01[11557]: total bytes out: 0 -May 24 17:29:31 ashley tinc.powercraft01[11557]: Nodes: -May 24 17:29:31 ashley tinc.powercraft01[11557]: server01 at MYSELF cipher 0 digest 0 maclength 0 compression 0 options 4 status 0018 nexthop server01 via server01 pmtu 1518 (min 0 max 1518) -May 24 17:29:31 ashley tinc.powercraft01[11557]: End of nodes. -May 24 17:29:31 ashley tinc.powercraft01[11557]: Edges: -May 24 17:29:31 ashley tinc.powercraft01[11557]: End of edges. -May 24 17:29:31 ashley tinc.powercraft01[11557]: Subnet list: -May 24 17:29:31 ashley tinc.powercraft01[11557]: a2:63:0:96:a:c8#10 owner server01 -May 24 17:29:31 ashley tinc.powercraft01[11557]: End of subnet list. 
- -#----------------------------------------------------------------------- - -tcpdump -n -i br0 broadcast -tcpdump -n -i tun0 broadcast - -#----------------------------------------------------------------------- - -tcpdump -n -e -i br0 icmp -tcpdump -A -p -n -i br0 port 80 -tcpdump -A -p -n -i br0 - -tcpdump -i br0 host 84.245.3.195 -l - -#----------------------------------------------------------------------- - -cat /var/lib/dhcp3/dhcpd.leases - -#----------------------------------------------------------------------- + [[!meta title="simple-bridging-with-dhcp-server-side"]] + + # Company: PowerCraft Technology + # Author: Copyright Jelle de Jong + # Note: Please send me an email if you enhanced the document + # Date: 2010-05-24 / 2010-07-04 + # License: CC-BY-SA + + # This document is free documentation; you can redistribute it and/or + # modify it under the terms of the Creative Commons Attribution Share + # Alike as published by the Creative Commons Foundation; either version + # 3.0 of the License, or (at your option) any later version. + # + # This document is distributed in the hope that it will be useful, + # but WITHOUT ANY WARRANTY; without even the implied warranty of + # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + # Creative Commons BY-SA License for more details. 
+ # + # https://creativecommons.org/licenses/by-sa/ + + #----------------------------------------------------------------------- + + # for commercial support contact me, part of the revenue go back to tinc + + #----------------------------------------------------------------------- + + # https://www.tinc-vpn.org/ + # https://www.tinc-vpn.org/examples/bridging + # https://www.tinc-vpn.org/documentation/tinc_toc + + #----------------------------------------------------------------------- + + # <@guus> Well all the tinc daemons together act like a single switcch + # <@guus> And each node in the VPN is connected to a port of that switch + # <@guus> And if you bridge the VPN interface with eth0, then it's like you plug a cable in a port of your eth0 LAN and the other end of that cable into the tinc switch + + #----------------------------------------------------------------------- + + unset LANG LANGUAGE LC_ALL + apt-get update; apt-get dist-upgrade + + apt-cache show tinc + apt-get install tinc + apt-get install bridge-utils + + #----------------------------------------------------------------------- + + /etc/init.d/tinc stop + + #----------------------------------------------------------------------- + + # ls -hal /dev/net/tun + crw-rw-rw- 1 root root 10, 200 May 20 20:07 /dev/net/tun + + # grep tinc /etc/services + tinc 655/tcp # tinc control port + tinc 655/udp + + cat /usr/share/doc/tinc/README.Debian + zcat /usr/share/doc/tinc/README.gz | less + zcat /usr/share/doc/tinc/NEWS.gz | less + cat /usr/share/doc/tinc/examples/tinc-up + w3m /usr/share/doc/tinc/tinc_0.html + + cat /etc/default/tinc + less /etc/init.d/tinc + + #----------------------------------------------------------------------- + + vim /etc/default/tinc + EXTRA="-d" + cat /etc/default/tinc + + #----------------------------------------------------------------------- + + cat /etc/tinc/nets.boot + echo 'powercraft01' | tee --append /etc/tinc/nets.boot + cat /etc/tinc/nets.boot + + 
#----------------------------------------------------------------------- + + ls -hal /etc/tinc/scallab01/ + mkdir --verbose /etc/tinc/powercraft01/ + mkdir --verbose /etc/tinc/powercraft01/hosts/ + touch /etc/tinc/powercraft01/tinc.conf + + #----------------------------------------------------------------------- + + vim /etc/network/interfaces + + # tinc-vpn: dhcp bridge + auto br0 + iface br0 inet static + address 192.168.3.1 + netmask 255.255.255.0 + # pre-up /sbin/ifconfig eth2 hw ether 00:1b:21:61:af:d7 + # pre-up /sbin/ifconfig eth2 0.0.0.0 + # bridge_ports eth2 + bridge_ports tun1 + bridge_maxwait 1 + bridge_fd 2.5 + post-up /bin/echo 1 > /proc/sys/net/ipv4/conf/br0/proxy_arp # optional + + cat /etc/network/interfaces + + #----------------------------------------------------------------------- + + echo 'interface "br0" { + request subnet-mask, broadcast-address, time-offset, + host-name, netbios-scope, interface-mtu, ntp-servers; + }' | tee --append /etc/dhcp3/dhclient.conf + + cat /etc/dhcp3/dhclient.conf + + #----------------------------------------------------------------------- + + vim /etc/dhcp3/dhcpd.conf + + subnet 192.168.3.0 netmask 255.255.255.0 { + range 192.168.3.200 192.168.3.240; + option routers 192.168.3.1; + option domain-name-servers 192.168.3.1; + } + + #----------------------------------------------------------------------- + + ifdown br0 + ifup br0 + + #----------------------------------------------------------------------- + + vim /etc/default/dhcp3-server + INTERFACES="vlan2 eth0 br0" # add the br0 to the correct location + + /etc/init.d/dhcp3-server restart + ps aux | grep dhcp + tail -n 400 -f /var/log/syslog + + #----------------------------------------------------------------------- + + ifconfig br0 + route -n + brctl show + + #----------------------------------------------------------------------- + + # ifconfig br0 + br0 Link encap:Ethernet HWaddr 00:00:00:00:00:00 + inet addr:192.168.3.1 Bcast:192.168.3.255 Mask:255.255.255.0 + 
inet6 addr: fe80::dc56:d3ff:fe1a:31df/64 Scope:Link + UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 + RX packets:12 errors:0 dropped:0 overruns:0 frame:0 + TX packets:14 errors:0 dropped:0 overruns:0 carrier:0 + collisions:0 txqueuelen:0 + RX bytes:2568 (2.5 KB) TX bytes:1536 (1.5 KB) + + # route -n + Kernel IP routing table + Destination Gateway Genmask Flags Metric Ref Use Iface + 192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 br0 + 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan2 + 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 + 84.245.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 + 0.0.0.0 84.245.3.1 0.0.0.0 UG 100 0 0 eth1 + + # brctl show + bridge name bridge id STP enabled interfaces + br0 8000.000000000000 no + + #----------------------------------------------------------------------- + + echo 'AddressFamily = ipv4 + Device = /dev/net/tun + Interface = tun1 + Mode = switch + Name = server01' | tee /etc/tinc/powercraft01/tinc.conf + + cat /etc/tinc/powercraft01/tinc.conf + chmod 640 /etc/tinc/powercraft01/tinc.conf + ls -hal /etc/tinc/powercraft01/tinc.conf + + echo '#!/bin/sh + ifconfig $INTERFACE 0.0.0.0 + route add -net 192.168.30.0 netmask 255.255.255.0 br0 # optional subnet + brctl addif br0 $INTERFACE' | tee /etc/tinc/powercraft01/tinc-up + + cat /etc/tinc/powercraft01/tinc-up + chmod 750 /etc/tinc/powercraft01/tinc-up + ls -hal /etc/tinc/powercraft01/tinc-up + + echo '#!/bin/sh + brctl delif br0 $INTERFACE + route del -net 192.168.30.0 netmask 255.255.255.0 br0 # optional subnet + ifconfig $INTERFACE down' | tee /etc/tinc/powercraft01/tinc-down + + cat /etc/tinc/powercraft01/tinc-down + chmod 750 /etc/tinc/powercraft01/tinc-down + ls -hal /etc/tinc/powercraft01/tinc-down + + #----------------------------------------------------------------------- + + rm /etc/tinc/powercraft01/rsa_key.priv + rm /etc/tinc/powercraft01/hosts/server01 + tincd -n powercraft01 -K + + #----------------------------------------------------------------------- + + getent services | grep 
656 + + #----------------------------------------------------------------------- + + vim /etc/tinc/powercraft01/hosts/server01 + + # add on head of file + Compression = 9 + PMTU = 1492 + PMTUDiscovery = yes + Port = 656 + + cat /etc/tinc/powercraft01/hosts/server01 + + #----------------------------------------------------------------------- + + /etc/init.d/tinc stop + fg + /usr/sbin/tincd --net powercraft01 --no-detach --debug=5 + + #----------------------------------------------------------------------- + + /etc/init.d/tinc restart + tail --line=500 --follow /var/log/syslog + + #----------------------------------------------------------------------- + + ifconfig br0 + ifconfig tun1 + route -n + brctl show br0 + brctl showmacs br0 + + #----------------------------------------------------------------------- + + # ifconfig br0 + br0 Link encap:Ethernet HWaddr 1e:eb:95:c3:04:d8 + inet addr:192.168.3.1 Bcast:192.168.3.255 Mask:255.255.255.0 + inet6 addr: fe80::dc56:d3ff:fe1a:31df/64 Scope:Link + UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 + RX packets:17 errors:0 dropped:0 overruns:0 frame:0 + TX packets:20 errors:0 dropped:0 overruns:0 carrier:0 + collisions:0 txqueuelen:0 + RX bytes:3328 (3.3 KB) TX bytes:2408 (2.4 KB) + + # ifconfig tun1 + tun1 Link encap:Ethernet HWaddr 1e:eb:95:c3:04:d8 + inet6 addr: fe80::1ceb:95ff:fec3:4d8/64 Scope:Link + UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 + RX packets:8 errors:0 dropped:0 overruns:0 frame:0 + TX packets:12 errors:0 dropped:0 overruns:0 carrier:0 + collisions:0 txqueuelen:500 + RX bytes:2627 (2.6 KB) TX bytes:1340 (1.3 KB) + + # route -n + Kernel IP routing table + Destination Gateway Genmask Flags Metric Ref Use Iface + 192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 br0 + 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan2 + 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 + 84.245.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 + 0.0.0.0 84.245.3.1 0.0.0.0 UG 100 0 0 eth1 + + # brctl show br0 + bridge name bridge id STP enabled 
interfaces + br0 8000.1eeb95c304d8 no tun1 + + # brctl showmacs br0 + port no mac addr is local? ageing timer + 1 1e:eb:95:c3:04:d8 yes 0.00 + 1 86:03:27:21:2e:60 no 44.19 + + #----------------------------------------------------------------------- + + ps aux | grep tincd + tincd -n powercraft01 -kUSR2 + tail -n 100 /var/log/syslog + + #----------------------------------------------------------------------- + + May 24 17:29:31 ashley tinc.powercraft01[11557]: Statistics for Linux tun/tap device (tap mode) /dev/net/tun: + May 24 17:29:31 ashley tinc.powercraft01[11557]: total bytes in: 468 + May 24 17:29:31 ashley tinc.powercraft01[11557]: total bytes out: 0 + May 24 17:29:31 ashley tinc.powercraft01[11557]: Nodes: + May 24 17:29:31 ashley tinc.powercraft01[11557]: server01 at MYSELF cipher 0 digest 0 maclength 0 compression 0 options 4 status 0018 nexthop server01 via server01 pmtu 1518 (min 0 max 1518) + May 24 17:29:31 ashley tinc.powercraft01[11557]: End of nodes. + May 24 17:29:31 ashley tinc.powercraft01[11557]: Edges: + May 24 17:29:31 ashley tinc.powercraft01[11557]: End of edges. + May 24 17:29:31 ashley tinc.powercraft01[11557]: Subnet list: + May 24 17:29:31 ashley tinc.powercraft01[11557]: a2:63:0:96:a:c8#10 owner server01 + May 24 17:29:31 ashley tinc.powercraft01[11557]: End of subnet list. 
+ + #----------------------------------------------------------------------- + + tcpdump -n -i br0 broadcast + tcpdump -n -i tun0 broadcast + + #----------------------------------------------------------------------- + + tcpdump -n -e -i br0 icmp + tcpdump -A -p -n -i br0 port 80 + tcpdump -A -p -n -i br0 + + tcpdump -i br0 host 84.245.3.195 -l + + #----------------------------------------------------------------------- + + cat /var/lib/dhcp3/dhcpd.leases + + #----------------------------------------------------------------------- + + # optional + export LAN01=vlan2 + export VPN02=br0 + # /sbin/iptables --append FORWARD --in-interface br0 --out-interface vlan2 --jump ACCEPT + /sbin/iptables --append FORWARD --in-interface ${VPN02} --source 192.168.3.150 --destination 192.168.2.206 --out-interface ${LAN01} --jump ACCEPT + + #-----------------------------------------------------------------------