DNAT without default route
I have a TCP service in a datacenter that is doing filtering and rate limiting based on source IP address. I'd like to move it to another datacenter.
I'd like to provide the same service on an IP address from the new datacenter and forward all traffic on a single port to the old one, so both new and old will work at the same time. I can't just change the hostname, as some clients are using IP address for connecting (sigh) and some are using outgoing connections IP filtering based on IP address (sigh) and it will take weeks to change them.
I know that I can SNAT the connections, but if I do this all the connections will be sourced from the same IP, which conflicts with filtering and rate limiting based on source IP address.
I can DNAT the connections and route them through a VPN tunnel, but this means that the return packets will try to go with the service's default route and service source IP address and will be ignored by the clients.
Is there a way with Linux to somehow mark the TCP packets that were DNAT'ed so the return packets can be routed back through the VPN tunnel instead of the service's default route?
linux networking dnat
asked May 23 at 17:10
TometzkyTometzky
2,41042329
2 Answers
There are various ways to implement what you want. Draw your network topology.

Simplest way
It requires only a single DNAT rule on S2 (the server in the new DC) and additional routing configuration on S1 (the server in the old DC). But it also requires that your app accepts requests on the VPN tunnel address too.
The S2 server iptables configuration:
iptables -t nat -A PREROUTING \
    -i eth0 --dst <S2.IP> \
    -p tcp --dport <APP.PORT> \
    -j DNAT --to-destination <S1.TUN.IP>:<APP.PORT>
Also, you should enable forwarding on the S2 server (use the sysctl -w net.ipv4.ip_forward=1 command to enable it).
Verification: use the ip route get <S1.TUN.IP> from 8.8.8.8 iif <S2.IFACE> and ip route get 8.8.8.8 from <S1.TUN.IP> iif <S2.TUN.IFACE> commands. They should return valid routes.
The S1 server routing configuration:
ip route add 0/0 dev <TUN.IFACE> table 1
ip rule add from <S1.TUN.IP> lookup 1 pref 1000
Linux replies to a request from the same IP address on which the request was received.
Verification: use the ip route get <S1.TUN.IP> from 8.8.8.8 iif <S1.TUN.IFACE> and ip route get 8.8.8.8 from <S1.TUN.IP> commands. They also should return valid routes. Maybe you will see something like invalid cross-device link. In this case you should tune rp_filter on the VPN tunnel interface.
Detailed explanation:
- The client sends the request in the form <C.IP>:<SOME.PORT> -> <S2.IP>:<APP.PORT>. S2 receives this request and rewrites the destination to <S1.TUN.IP>. This happens before routing, so after this step the packet has the form <C.IP>:<SOME.PORT> -> <S1.TUN.IP>:<APP.PORT>. S2 forwards the rewritten request through the VPN tunnel according to its routing table. S1 receives the request through the VPN tunnel at the <S1.TUN.IP> address.
- Your app on S1 serves the request and replies to the client with source address <S1.TUN.IP>. The reply is <S1.TUN.IP>:<APP.PORT> -> <C.IP>:<SOME.PORT>.
- By the routing rule, all packets with source address <S1.TUN.IP> are routed by routing table 1. So the reply packets from your app will be sent through the VPN tunnel to S2. S2 receives the replies and makes the reverse translation of the source address, rewriting it from <S1.TUN.IP> to <S2.IP>. After this the reply becomes <S2.IP>:<APP.PORT> -> <C.IP>:<SOME.PORT>.
- The rewritten replies are forwarded back to the client at the <C.IP> destination address.
- The client receives the reply as expected.
To troubleshoot you can use tcpdump.
There is another way, which is more complicated. I'll describe it if you need.
answered May 24 at 10:31
Anton DanilovAnton Danilov
1,5721712
This was answered in a different post, though the OP's question was not exactly the same.
How to set mark on packet when forwarding it in nat prerouting table?
The first code block shows how to mark packets that are being DNAT'ed in PREROUTING.
Hope this helps, cheers!
answered May 23 at 20:25
Count DookyCount Dooky
12
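The mark-based variant that the first answer leaves undescribed and the second answer points to, worked out for the S1 side as an added example (my script, not code from either answer or from the linked post). It assumes S2's DNAT targets S1's own address <S1.IP> instead of the tunnel address and that S2 has a route to <S1.IP> through the tunnel, so the app no longer has to listen on the tunnel address; the interface name tun0, port 8443, mark 0x1 and table 1 are assumed placeholder values. With the default DRY_RUN=1 the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example (not from the original answers): the "mark the connection"
# alternative on S1. S2 DNATs <C.IP>:<SOME.PORT> -> <S2.IP>:<APP.PORT> to
# <S1.IP>:<APP.PORT> and forwards it through the VPN. On S1 every connection
# that arrives via the tunnel gets a CONNMARK; the mark is restored onto the
# reply packets in mangle/OUTPUT and a fwmark rule sends them back into the
# tunnel instead of S1's default route. The values below are assumed
# placeholders; override them in the environment.
TUN_IFACE="${TUN_IFACE:-tun0}"     # S1's VPN tunnel interface (assumed name)
APP_PORT="${APP_PORT:-8443}"       # service port (constructed value)
MARK="${MARK:-0x1}"                # connection/packet mark to use
TABLE="${TABLE:-1}"                # routing table reached via the fwmark rule

# DRY_RUN=1 (the default) prints each command instead of executing it, so the
# rule set can be reviewed before it touches a live host.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Mark new connections to the service that enter via the tunnel, then copy the
# connection mark back onto every locally generated packet of those connections.
s1_connmark_rules() {
    run iptables -t mangle -A PREROUTING -i "$TUN_IFACE" -p tcp --dport "$APP_PORT" \
        -m conntrack --ctstate NEW -j CONNMARK --set-mark "$MARK"
    run iptables -t mangle -A OUTPUT -m connmark --mark "$MARK" \
        -j CONNMARK --restore-mark
}

# Marked packets are routed by a table whose only default route is the tunnel.
# Changing the mark in mangle/OUTPUT makes the kernel re-run the routing
# decision for that packet, so the fwmark rule is honoured for the replies.
s1_policy_routes() {
    run ip route replace default dev "$TUN_IFACE" table "$TABLE"
    run ip rule add fwmark "$MARK" lookup "$TABLE" pref 1000
    # Requests for <S1.IP> now arrive on the tunnel rather than on the
    # interface the kernel would use to reach the client; loose reverse-path
    # filtering on the tunnel keeps rp_filter from silently dropping them.
    run sysctl -w "net.ipv4.conf.${TUN_IFACE}.rp_filter=2"
}

# Same kind of ip-route-get check as in the first answer: a marked reply to an
# outside client must resolve onto the tunnel, an unmarked one onto the default.
s1_verify() {
    run ip route get 8.8.8.8 mark "$MARK"
    run ip route get 8.8.8.8
}

configure_s1() {
    s1_connmark_rules
    s1_policy_routes
    s1_verify
}

configure_s1
```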