From 3ca97b6feca8f89502ebe709756973c9a6a145d9 Mon Sep 17 00:00:00 2001 From: waldek Date: Sun, 2 May 2021 22:52:31 +0200 Subject: [PATCH] adds networking exercise --- modules/resources/exercise_networking.md | 75 ++ modules/resources/network_basic.dia | 429 ++++++++++++ modules/resources/network_basic.png | Bin 0 -> 7800 bytes modules/resources/network_large.dia | 837 +++++++++++++++++++++++ modules/resources/network_large.png | Bin 0 -> 17898 bytes 5 files changed, 1341 insertions(+) create mode 100644 modules/resources/exercise_networking.md create mode 100644 modules/resources/network_basic.dia create mode 100644 modules/resources/network_basic.png create mode 100644 modules/resources/network_large.dia create mode 100644 modules/resources/network_large.png diff --git a/modules/resources/exercise_networking.md b/modules/resources/exercise_networking.md new file mode 100644 index 0000000..3ea0ff6 --- /dev/null +++ b/modules/resources/exercise_networking.md @@ -0,0 +1,75 @@ +# Essential Networking on Debian + +VirtualBox has multiple options when it comes to it's networking settings. +We've already used two different ones, *NAT* and *bridged*, but we'll now try to create our own *internal* network. +For this we'll need a few minimal Debian installations. +I invite you to install at the least two basic installations. + +* One will become our router +* The other one our first client + +## Static routing + +The most basic way of setting your network settings in Debian can be found in the `/etc/network/interfaces` file. +When you open it you'll notice it mentions it sources a folder called `interfaces.d`. +The choice is up to you whether you set your networking settings in this file or create a new file in the folder but I advise you to go for the second way. +Don't just *copy/paste* the code below, check whether the interface names and ranges make sense! + +```bash +auto eth0 +iface eth0 inet static + address 10.0.0.1 + netmask 255.255.255.0 + gateway 10.0.0.1 +``` + +![overview](./network_basic.png) + +If you set both machines with addresses in the same range, you should be able to ping each other. +Have a go at this until you can make it work. +Which service do you have to restart of reload to apply your changes? + +## Forwarding traffic + +One of our machines is supposed to be a router and the other a client. +Right now we can just ping between both machines but the outside world is completely invisible to us. +How can we tackle this? +Do we need more equipment? + +An overview of what we would like to accomplish can be seen below. + +![overview](./network_large.png) + +In VirtualBox we can add more than one network adapter. +On the router machine I would like you to add a second network interface and set it to *bridged mode*. +When you reboot you should notice you have two network cards. +Can you ping outside of your network now? + +You could try and add a dhcp configuration to your `/etc/network/interfaces` file for this second interface. +Once this is done, how do you ask for an IP address from the dhcp server? +Have a look at the `dhclient` program to see how it works. + +Now, if everything went OK your router should have two IP addresses, one in the 10.0.0.0/24 range and one in the 192.168.0.0/24 range. +Who gave you this second address? +Can the client ping both IP addresses? +Can the client now ping outside of the network? + +There are **two** main things you need to do in order for the router to actually route. + +1. IP forwarding needs to be setup on the router +2. NAT needs to be enabled + +```bash +sysctl net.ipv4.ip_forward=1 +iptables -t nat -A POSTROUTING -j MASQUERADE +``` + +These settings won't save themselves so next time you reboot they'll be missing. +There are multiple ways of setting this up. +Have a look around and find me a good solution! + +### Extra Challenge + +Your client machines are now behind a NAT. +Can you think of a way to ssh into them? + diff --git a/modules/resources/network_basic.dia b/modules/resources/network_basic.dia new file mode 100644 index 0000000..21b4bae --- /dev/null +++ b/modules/resources/network_basic.dia @@ -0,0 +1,429 @@ + + + + + + + + + + + + + #A4# + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + #Your Windows workstation# + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + #Your Debian ROUTER# + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + #Debian CLIENT 1# + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/modules/resources/network_basic.png b/modules/resources/network_basic.png new file mode 100644 index 0000000000000000000000000000000000000000..029f5f9317f190915084f1a8c5083d127d2875e8 GIT binary patch literal 7800 zcmc(kby$?&y08b8ltw~85CxI$lmP_kQfg?VbLeiBP*S8jl?JH+q@<<0X6Wvb7#ijb zxcB~@@7sHy>zwob@m+IWYvzx&p0(EVzVp8KbFWXYm1Xd7C~*J)0G^!eD^&mhZ4mVv ziFF6nQjqtUp}sJT6=YrkkT;*q#=IB+fQC)()k}4c)ZJN6J@wUV%-`#MxNVO!pVzZ4 zg|e7GefKNUJlRO|3AZv5jP(I1vFH0jzA^PK8tWZ!hkncYaR8z@{R^B^`lKrg(F< zRxfV=r)?2z6);E1oqDAg`>!$W_4v1YANLw4l>I8aPI^RcJK&z~_pNyAnsGkD3NCo| zifPd`$v^9Ko#|NdaMEgLrAFXXrx~(dp4@L}Pr?6~f;kt=m#(m~Ru-&pCk0Z7DU?B)>91snnpYDBkv-=@c*K1E zN`SYCpCQP%)U75E8B<^GvqP%YuU}l%CKCFls-G=PCym=TZ9p~Yt=IQ}{K8Bs%2;%9 z&3*8-gSly(j=R%+Q-E!do4n8yq|L5)(U9jb9QWWmk#-Y8U#`Cuy;0&lwH^IeGN-`L z6=8Cqb4C60P*ye}NoB0)D^Jm{mg1HHcxvk(z8hQ7f>TAN+N9|#Hi^&Qw9ccJOc!?& z$wmQf{17B{F@Of&ZF*BlslB%uT*)RXJl8beHHq5tG=kK?Tp|Nevl{rhC+t2jjqwo& zT_B4hOmG4=+u1tO6oP~y0^<+<KF%BC$El5-LNA{enjK7 zcGINl@E%n^Qr?b<^m%UA`#dG!jOwDS!FHH&||t6QCO z>&j-mlh%lXR*7d(YTOsR`$JzoLl9bLW#Jhe&rU#5f{8^XnqhCCS1FxFJe z!CBt=?XSKvdxep@JaD1m(Z)wo2mx?Pi%}CP`4@W9gYcEHik6l}7(R~YVpQ(^!Kv1< zT(L**CA|*fSd}(TUb>6{yrb(%JXCW}MpFcww5R(eG3`&;=N_z%zcd}U+UT;Gb6h8q z_*fi0&3*hb%hxVlfz6cmYw94DUd7v?jP;T9iZdp;nu`#0C}$v1Xdn6-xR_09ZC3=N zk*bn?q|WZ})h;omZgmA-E3moT#AhfR+2Hqlvq(TViAZ8hC3DZVZ}&VxU#MulBc?z_ zqluW=;;U&}p&o^}GaZ=f`^NHkTVG)f2*lI6CiXem+r_aIDu1c0|AJ`qgU`6VLb{2J zj9Fc`3l35vQ_IF9aoL73?7H^?n=HTCT7@fNQgv)S+76z6u{-sxcs;C)oC6+Rx_QovCII z^-7-KZu5Qd-j0oO?@;yUM|ZI~7Eg8L&)6Rf`7^H({2zDD_wX2@uZj~lN1KFI$5jFd zCFJe)E*xqTiXvoxF7NAGFvf{6KUY0d&A++4Mb_GY{@^N&p!E$?!}Pc$5F$O^Vz&PY z{s6v6E7m<9Z7H+yix@U9b@laa%F*%+SY%u{aCGe`kuz* zC>c!rOlj!ahG)$0(LZQ-0z97hs6wi=)5-Xg6Sv^3 z^l3`D@7hi*jSaCqd3=wSr<>mQhrJbnV^o^{k_E}60F9|bb)q90p1JLlMD!P>Kvs@k zB%9kJ$lW0Mx3qxhqB~+sBf1J+f3(!|<)XRWmlBzv7}J5k#)C8x*D!SepAV(e1!6Tw zV36+2I?y-!TfW7N81x}L^0Tpphf$Hko6l;q=^3s18NEp@O8A6zCHf3;sPud`4kgK6 z((Q>fSy+m9G$qn9U$(WIqn_c>r<=8A7yfl>TF*>`Xe4_wfJMd4s^bc;%dHvu>Q!cZ z?G!R-p9K55Fh_x1?lc^`Jxc7O63D0sBy5dKh^;Vx!otFmrRar7F*Cf@;p_U*wq^Gm zY>qzES~wEVCATFIl{t7RIWOG}i9Gsl2Lt!La6zNRfbM-KGaKJH}=fefx7}o z>x_u*_Nx!X6B@75uIcahF>_W$1rSz}x83OvHTw{Js{Q;MDW{p!Mf=yMUT)vruyu5Q zpGQt%N8<5E_Aun@R3GFm@O#-T%`H^9hx7?1v#E)qb@E^4)IExdaN=D~y67@Rc-W7s zt}heK!nEC~j~0VO+kAsUrN$q{zj@(Yokl9IVEll#g*P-^6BD$82C%+Yjf_rbAD$F> zet7g?+ZzY)R%fUN9gvA;bsr#pcZ3WOfRW3F0uWhU0D$sdA>8g!*Phb4-hBY4Rz4UF zVEI}N#!O)ko)Wfp23VrMhTQ=S1yudJ@t+|80Po|QVdBt#*O5~HE-q-~4#4u6o+A-z zb{As6f7ShVUH_f9wM{qM_|tCC1O8u^c{{Iz?@dmH{7-jZ=9he z!N}2*2jZk-H#^US@X>X8SCOc<4ZqC^fc~Gk{c8_Dg|MI9lPN_z!m7Smaz0o|c66Xd zL%p3CJHpwu!zb&e20tibN+IN0B z<^dDzm1byXI+pfJVhsDzNG_c^3!F2~wFOYCaE7PMMEnb%4v(za${&0$C>N6d{ z8I4BaN+`i%tjb+q-KU+LxOqym)(!rAFZsS|pf3~BR9@|5{_4)ad^W&jC}8H>9Zq6% zCp}FY=(%}ZSwq8(e`SzVcO52`rR<}6)_Z9{G+1Nq2UM5EGU74$(4Z_ed*xZU>pyw! z!HB`?-gxTT3P+bbe&8bpQEDUI51dd2e#qhXa*qxRVTB5^iSUcd)@B#M$T>pK7DpN_ zz`_?QdeuT+wggh2egW%<1-RU7S~G&y^h5eS&0crEW~50WBAG(&L`npKaiDaW-9j<2&_M#ntmqYd_kV`41=B0 z{jkiU9Tu#v2Nm=e@b5gcCnua5=jr#q0E> zqJemRVXD%G1?b*YK}D13-C}IIgCib`%KFI2BS?O=uWd*a)x_FX!3x<9`D8lA$i&C- z2asQSmVt4|o>Ohx)=jstW%7of&7PJ>#PuPP&m^<)SF7jm8Kug41E~8-=~gY@VLAzL z7WO9hrTTB%M>~nxtzE?;R|}BXrm!VZEQd;BogW1H*WDXk^R!Kxa#(b)hTJ=Uc=`>H zkwrGq+9r+*?aqs>eU~TiN`xV(>YX&3!x+^vG-v6LE*=Y82Q>bg(G+1Cx!CNds>7pY zZYHOCY)X;-%V^;;rR@ayy_PnEu$4@nmKc-q;)jal!h&fpFjiDm6fHu%q%_p>7vw_E zWKcQ&S`@(^BA zAtNEVjr!i{A_6QmyjBpZX66s9!QkeM48u$88~D>JwFGMVi{c3*VZEHVYBhZPrHB zPYw9TkXOl|*X|nJRt9t?7W41AetU{MNtpbRV6y7ex?JSD6*{iLqL4ZqZDmU-tGhh$ z-Clvw83^pqaec>SP_vv8{C5J2V>&3V*KTi_ekVimE`XybzZjY@l`SLX>c)cSp0`d; zfQ+5x60F6{fUhi>@);*oO-vK)#P}|TwjCYp^igY%<2voFI-mfq+T>&Zl&G_td=%fO zn)?c7#Ud}*r^3yu%YdFwWcH8PQlw2w4I3C!7y{=HSF`Ng{ZEhOOXlu^P7hl~8J3Lb z+;9iGJ3g6On08z5vGnx$*v<}5S9rp|3g280WwzwHU^3u0{-*AGja}g<=Rot8NE?FQ z-UI(I{nPQZgl7%I5h|zpjb0k`yBF+@wG}JZ9F7^CNCvg$DoWc`XDhF*xsIGCH5$@( zS__QymvbcMr}|g6ntJkUF`*SQNuWp{e!t;z;|_=Eh_ZxE{XPzs7=yVAQ-xq;twRlz ztNowZXnJhDcPc{X+Apdq0#zc?z1paMI|_@_?TXU%-)asri(~MdY&JYz3%{3eM)l2g znIye8zeY0b#Q$Kr07 zrKOIKO5?BE+BRwZiPc;L58H*gQkF}JZvGS)71_!qY+m}qFbf=`UA3~s-1TGhdht({qFEYFs zO15wWfcn|v`_$o+yB?edvakucwp51d3XLbxV|rc~?`(c8x5(0gBXrv)0@s8Twxq$0 z$d?P02OgZ#sJ@a#sSG{YkU6n&j8e_fHjmjz%$yHZe8zl1B@iJ6$|$IpK=#6&A=2Cu zM;nO&V%ImiaQ1ub0m_yxc$^LMxN4&Vr^EEtHW<(S6yI$LWdTYal-l3-GPh)`qP+0n z)Y_m=OiivS&9>9XG8gY{gyFFjhWm<8aOajVjnF#~RZ9!d;HHu_&%V{m=qXPr)O3EI zr^RYF^>duwIt3y&#yT{V-80qoVNnun^MkU;fl0j@@Jx1lo*_n7RmYe{n4S!C(;G)R z$0(=>JZ7E#3t?^4QOM^n*!iIxHDb#eR2y5QBY7cQTpopaH_sIu)>DosI4PZgG)`S= zP$>sl?ku-_&VryzSTnF*2|%*+{ePlnYZ=LgbQI0~phE}fJg~l@xvFg#|HQ0~(_~o^ zr442Fjw()w9^go}z6#9RaTI4Ks{!C7)5(YdbYe9VU}d^*+!F8hZF@^}eAR6Dl4yX9 zd$-a4qPo9`_hr8jcChm|wt+|hASd{CP(+i$xA`Bca0Fi)XYBwA6-i3vb8y-?&(rS! zs)&`Eo4^XA_Am8cSiG6KBYwEKa1QB@diz26POujlK*j?b-kUxF z%9-{GSXYL7tUd|hgc5?0ZNr=Z%QvU`75>jlocE=;0Ylh6&NZUdjp%@YXX1=6>!6M3 z^c(ib!vjOE1o*WSZD+LX5?m1cM7?xBWT2KIm4uc4ta46w%(c+};hpODSTB* zu2XYfCj4(``66^@g0g%(|4K#I+HgfMGKO3a$^}Ox{Fu_l2?FobUqtCTo@#RSmZR^t z!94nuit>@Hh4#gs(tIAuql2-a*#Y+quZoW)USylwzEE7Ki;O`PhhDC!E|=zVWc;{+ zQpcH)ozJTKred1%`%RzsZTn9+@owIwHDV|0pa%*(^m)r54!lRP4Fawwy6oo{>b<0? zsU(8OwOyBql7{%Z+osnd>t0JOCEf$L+5$Q;At2z>O5rg2z~4}a|Ml*{phZv#_2Xh! z(7&K#&5LVm^A^YH3PDvrksePUGqsFl$_*GLSFn*FcuRBi%*NV!Op`z)t6FVvAwObH ze`Sd-j9>YF6doaQ>BiP^N0_l+tqWW`W#F0w1dgPENxs2!QYmd$3ZG5>ZIR_UN#|@_ zRJ)#Y}?rfg?(p8)sgO7`|JM`$ail zL`H_~<#*=r7E3RoY6Z1bj&tmDeYsDIE}?`HSX}TWs`43u_k^uL+fM$4I%O?N598em zV2p~Qvp^qyfzbdCZwDuC={GFO%A*L6{wqKE1F(=0d^h>Gbrr8q9({AIIPtnO;z|Hy z$PB_QlD*W!$&&6zhaY+S5X?vcxfSG*BJA4Tj%o(a&Xn$PB3`aGK`6%tv>HM!* z(v_y?1{=K@FP=?$9(b3dNqkGb!9~959zm(gc^P(@c>il}Pql=(?ANeA_$XFRQ3l&r zY7>nWrQh9!9Kr9PPoKSI$xs+oJ7K3Gtt;VnYP%yww|J7y*#_UTs9aLz&QOm9_B1%H zRPKjGlClK%+W9o{?iu@OCmkKcGw5<(b_LasE8~7lhS5NjeHIG|xGPz~$3WiJ~!KMsCzir(LSthTB3$Fw5Gt|RZZjyl`PMM?@5?VNoy@ntF1wPgD3oKje;!M z-iqbFG%nA*QSM1cAxf^3_fL?MQZc3W)NSXn;p9V!Nd_iCm{3u?sYCZvGc0Pq|k=Fqe1l1*uqmXos*N>_Z zd##LmfV81}NJmY_UjUZbiavxgN|_eHZdYg~v;-ImO5m{2Z-@e+OE$7Fjf9$|tx9nn zI|0rrI6egm%}h}W=}kYC*37B4>qng&Dgq3A6ozH1gKCpsfk#CbC;l~i^=nw^u&C9C zhJ;Sm%rW64%ajC9;;M1Y4fRMaKeD&JsEn5QC-4e^PS9`s4h@s1%@+C!YUcfnGwjio z0=>4){S0~bGG?;IDh&;sG$1M+Q?NTIjk8WKPO2AmCsQiR{zf-i>yo^eWCwT!-a^qB z`2K33wa(|IcFIEeb{wwsM9yS!82|uHys5(Qf&PV$2-?cyK9p&?jfoJ-K6pI!Xq} NNh!Z7m3aI9KLB~W@5ulF literal 0 HcmV?d00001 diff --git a/modules/resources/network_large.dia b/modules/resources/network_large.dia new file mode 100644 index 0000000..dcb452f --- /dev/null +++ b/modules/resources/network_large.dia @@ -0,0 +1,837 @@ + + + + + + + + + + + + + #A4# + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + #Your Windows workstation# + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + #Your Debian ROUTER# + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + #Debian CLIENT 1# + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + #Debian CLIENT 5# + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + #Debian CLIENT 3# + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + #Debian CLIENT 2# + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + #Debian CLIENT 4# + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + #Debian CLIENT 5# + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/modules/resources/network_large.png b/modules/resources/network_large.png new file mode 100644 index 0000000000000000000000000000000000000000..aeddf18f6958a82eca6c900f44884b5df9779614 GIT binary patch literal 17898 zcmdVC1z1&GyEeKMm68S#kd_uvxvCMzoMVnPYL5GP?)#pED9A}*pb?{iKp+gsH)2X4&|M1< z=uQ#JUEqq?qX+mv@xV}8LJV|s`!Bs78Uq4RfF#9Usko)=z}z+P#%GcD+3;|iX$_F? zw`RA+>V=_E(fid@9oJH#5xC;yjaA;&{miJbqpDw8qo7z(7^+^7JHl95R$=?rs<0#(!ppdass%$;3Vyp1o9i+u*cAw5j%N%F!dV5Mu_wBv%aBAXP%j|edlwPB zZB6xzhxqNBx0F&;$p(Rs-i$^;Ls(yYb&G|DMvYa4;?0L-MElLN(4#T4N#+KP>GLCK zhgrg8kC49T`fNd2euL&)@yaWK%2Wz)L0xCEq&&VCLaBHE&RyXSQ5Vh(&wIPq)`)&9 z!ksIBc@#?Ln`uGc7XS1Bc{ z%?dwW=cX_$Z+?7S|7LAQ$1y4MSfF|hoeArbL;+uX*qVC!6<92dX%+9#fz2oErM7#0 z^hwiQ5Ixc)LkR29^dY?2tQ3sgiy1Pk9do`=l9_tv4)V|DVP922_?7uv)tQP(&ubOC zxWaz!ST@7)li<<*8@}QFwr*>6a+cljZXrRsFAJw#`|^aghr$OKNvXY1JMmVNm+%SNEgw*x)&5FH0W8V%e~e_1jVeU{jsT znu5b6E-;xcuB9?Qq3r2P`fe|4oL|K%;ou z-0UiL+bacnn(q{9!-d5VjVxb}JlUE~W4h_oYh1F7orQfj39GAWh#KwJOBJ5xcWaF% zul7pj;e?2ZGzkU9XKpL4vdBGq6dj)|d8}<)Z0uD60(HG|k$QPLV@DyAa9FtEi9Ch~ zbLN7FLG-mxAOjg{I!JXZBlhZg%$g-O;*a!> zNZYbd+7>pqHb{~l+n>m$zV3lF&v^5HHpm$^eLxI;t?b;0< z^gh0S%UaVj%WakaU|QMQ8*||ZPPLE~Y(gvGnZ(tOKAjOS5QaVE0k)t6?~!peb~9cs z)Is!)lKBU#=T0iDvJ>ZEo6JSdnpf&iBp+XG)rQ!%)YJBQ-`MpTZLIKwo>H9oM_&k^ z3z1KG%)Xd!$+k6>y^~ji6o9SdefBdn?iLfl`~+|?1wEcd-EjCQKYQ>Iv`Q3#T9 zdSqqvni#Lyfq2E@)5*?4SfcZ816dF&mu0rPYG9x&yqTqeF72yTWwjW%WY64ojLWm} z+vYOc)YRa_hE0qL~&0VZu1qe7C zaa}%0O%vRpK3E2Ck*3p!vd^7KB{ceOlpU*cL042q_5=MgxxrNm^iRd|6OWN;iq%0N z#%6ahvidu0rgex4Z`tO;!`dkcb=RV+?f!*V%9mv*1(DJ>7u^yOYib-SLg$pbSxAis zv6C=ia&TC(JtT)Og3Lr5N90(i{Ubf!_mkzUaj(~jO!Z0X;2+0{NJTcDdtr6*n+0Jk z;OqI4^V%dePw5ZWc5_jxoqW+4uOschX!Z%}ok&#q>h5i9bDtN4m_)(11Ufi&+Fky*o&L-`cKi>y469EqWQPpvj zNgX32Bg{tj%eTu#f#6yJUlIa=67-+9-I z?N;?}Jp&vO%?H-uB6#|}_Telc5tQ!xeX}BXg>EJ1i^78bURP846fFAPRBcMe8jI^z2 zG4k=20mW|IxF6iq0w?AoG5Pp0sq*PwK~^=xYq7y_!T z@vu8x&AumfF!@H4mYfrTYQl!v1W$R9&zg`yAcA$tYYAK1h}w(6&XiQ$QP_PDXh1Dt?;Z&B_Q50ohCd#b;Q`Q3 zWK0JjKif|^;D6KOtN(CD2q4?JiWT$2ML8E|*>@93Rfg+(Pff*?N=+VE`#9xQ-Pao+2J@h{c zqpE+SYyVcef1OMI#$QwVNAYp;|I{4)wIln8UrY5z@xm1SA1~!Uork~n_pj~#^?|0N zUu*Vf@z(|UOk7SdTy!A6Lu&Q_2yKIFe~tKoGgL!P&O_oji}YJ~* zILXZ}M&qX-kdxrwOywU-==^KrqHW4OYX^4ZC%@l4`Da5?Ea_8oEZS}j)dw~)_U}!s zxY;1GSqLA|yHvub!3`Oi2Hu;2Cp~FdL!%1#*}KnyPPQvv!Ba_P>)VQqEi>1F@ks9M zBl@b4^IsPti4+2_(P8Cuf{mP9Et)nkaNAb9sPBWIsSQknEzwI2ks z48BCe5&7`u=}`E`d!To6=_;_iQ@%?l%tQ`)TSlNeN_O&s7HAUocR=Z3EeVCz(OES= z6@l3Z*#3-slnw&zvl>GUKgj>Oa=RM;^wt0C@()H`PIm2Os0nQVhXy;w=C2KhKax77 zTDr3AMRyWfP*AMp0d$)8;qOKGeR}-0iQnf#*2qcf)ZGG0pm%t`m;1HErrb^~Cb0e$ z#J}79`=@@NDnYm*VgcBpnIkYf4s3Eyb&Bh=9o`Of&_ITkPS%if(eVHR>W&1gQ1f56 zC;p838+d7N5!)>AUg$pg{S%*SAvSV-t`0t-(D>Vp`Nvk_;Fnlg;ZcD*W|P9mfVIZ? zy+LzX_#9CTlrUD8KRtQ9leh!i64v}ygy~x%uwO^{ zrrdyL4M};CgNutQaJfMA*X57fwaV%@UqvZ_rLv*p?1vjPnbQ4kI{<%@GIKQU9<|e9snSm zo*P`d$j5{rciAbwVy49nNdluMCMQ#0Lpp}F5QQXEkbncZVHG5wy(W& z6$Xx_M0cO-cMGET$D&RzG0{BZd!Y!y7NHMqds()3@iCiSO*gY3|vt_EjRNde< zMkerSnn`5P+9>&2Q2KPv<8;vt9$B_1(ouK(V#VQMPioM$XYT?866&kv>%7DCz{rJ= z%U3J&f@zPNSmyk@iiUeDglTCw=c8F_zJ*U6ZN<)Fm~&`tMlvu5psC1RoSMt>Fx#+4 zJ15-ar=etdmvg6Z60&<&XUk8!T|A$Ix;J1w-$~QHUgQrUQovYZ66YUl9JrSTj>#-Z z8>}`}btn6S;~EGAr?>TQ!bo!@KICpA$`s2RoFk@UP6J)R{&bBw*K>6XvrC68UT0Cs zQ7Ko64=tn@k$KpfQ*9(|OBFqgk(%Az@qiatbexzZT;IE! zjEP67pDS-pui{_d>zjMY$o$>5+fP1Uv>$wWv1WLT_;3~P!wmh3EU$6Vc~f{)Y7!Mh zu6Bau)&PAAArHo;dN#o`wIcFUf9_euxj?&(Mw0sHt4ePMq1bR)#>+jKmiW03s|gdQ zN0^hGU#ovOZ`ay{AzVG|KjgA{-gs_R`FdZ?3I)~k`*ZC^q{8!Syzm6-i3qZeXp11_f1x-SB?Vv4d*bENO7Un zv-BYdULMLEG}~#`WgRmk_s?LT!qb5aFwEaA0K54>gN%f=HI%mXHZfgCa+M0eyO1K_ z_w(ed=jH>_QP%b9{ch);MCQ$tr;9QA7bSjW6|B%aU-KlCd$>f5xM=qR zOd0r{;76%LumOX|<@aq49h6-9=!M2Ei!d7dv z_rdh__TJ8Er7zB1OwO89tBW8vk{qlOu$ENxp=^Yk#ooU!FH<{BRJr3SSxdtEa1ymP zT@+7c*zZe0rF!D*JEC%3pQ#4g1vPiwovZ@Bai7z*{q#I<&4AI4Y~QOD>JG;O;(T%h z_SxY3x%1GoF`0?|@9bPl`<~$YyEZ5@we9|*8c2R30%cr*ZP|qUg~i@Fc1O!OlUs7? zA<0L3+hHH-PIIfOj$b1#&b|6IucKor{y~PPBB0lGSeWao*E@3x>9G{y-nA0+t~2Q0 z)`aMs*JoB`TrBk8gr_`88ZsIk69;;?doVUFsH*Q(ve8T)dxA&`=8?3j&N)jU*q+49 zHVm^}f8OKjLdo0M6*Nd+bS_=A&y->DYG`z-I%M{TYG+4&yhOvou^f+yfSbrfNPm2N zGgW{FkT*(0%4bInUqaV@P97nGz4X&tcUzS`@OwGuCr{jMmcOib>-RcW=b%zL?TJe$ z=bcf_`^%efPsi3EJ%SadF7DRr9Od|Xx%F#KP^`}Ast2ZOQO9OKZj#@kI z>ogIJ(xJ;<5Skm_&o`Ch70)&-ceJNbH>4UH z)8D@^ou+X*B<14$+}xsaZt(`A;3v6BXK$|o`$PZJooO;*HcGx%g!G9?VpI%{4h~7+ z^N912#xo705CBA@bXOoh&JX7h-6WQfT%brq*66H!VpODMT1ReAkL6){J`R(RD_xFnOIBRFKTVEK0gRFnif?Fh=qeDM43pIZs(8SVgsf zkMFA;AoS1;Tb?naQ%^~9foRx(vC>}y-C0j}@p_QhBm0@|D6N)QsonzYiMaNgGU$2a z^oe!OY_$Dt;wEpSaw;mY1TJOcXm{56bMk`l@4YkqOAt3STKp1}OIq|h?>$OQ_phB| z#66hGEpi$8H3A?QG`)>|04iYhcfR-6Nc#Wm9r}av)wcfBJUhe@7<&| z44VK)-MZh=s?3rWB|`NsD8Fe)L^h{@P&SwJpJfQ52C>-hs#-W0DfBPBxb8K!)nGK1 z9yV=I#JEf($Ng%~hN5R~*MjvxSTjDq#dxm&5lC3_W04|`K5JCWuwr~=O>HgfPPA=| zcX((nzkS)2A9xc*ymTVS)W!ROr_4jW2F6xcQg*ZFK)t$&YN4f-d|SW@7p{>ZUY{|n z{zk@l>gc4jT+OS*MawrUw6#+}$mN<7986c&rpR7D;U&i6VN!Q4vd~c4k4rbrQe$4e zzs+(r}@oW^Qll%Wa?9g#YF$C~C`hA3dT=w)HoafkL#z}o!cghX8K z3Mc2<-Ou1&;Kh7ysdD$92cVlI;rOxHL6J%BeHNpq%ep@P)+Z3cn-mu(`JuK_?Hu}Y z_a&TC8htz*k#$?s{z&m1lq1-S0O|wk;dwTWrT}aa%V;x=pd&e${9_jQ5v}!J4VBN6 zJU&80uDT4k>TUMzq|4sXS_N_aSykR4I@vL9bD5EbEg}{>c^P-ktxd8)qIE)2edwm= z=uGS3!S>uOL6oZ~V^sJiJe~|KWF)}`hysy9GtHB1jQQ5Xe>%2#iJ(yW%^3y}Uw)nC z^!QYcZBl{sa_sGpVaHaOFcyago0H??=nxPl zsywxxj(7^>U+*}ZKzX#vwfDGgL${ZLJ5p&stc2|i2bMMDTBB0%xsEzEwEg^Y#Q97* zYBq30HrXOfY^wg9Vn8>U|>eA-4$8m-j*Qh>&k3MSoiu zPvi|CPwZ63fZMUs_qNeeN}RGF`px(J3ANE2So9b-`DpBF3_MA_@VZ+0ESE+zq6P^~ zpUPN5o#k$m#&-jc#^O{=+VC6Xve*#Eh?R-%Qu~@{pm@)CRaar+qBbW`W|$c!5LqBG{Or;s zzJNSlm9r`xAn5Iv6@C-+%xbGckH#K-*)~Y*LMnI$b!FQUm$e)gsgu?b%^nweM*GFX zbvdK?l&D7B3SkKIfzIs)Eh7#wU zA|a?dWD+N$tCm+FGoXX{28!UyogN1d=n75qrZe7b|wz zDFb%v*UdLQl8?Iix9c>yBei`*UN}bSFX58>88XOt%7qg4TyD-&K_5{zZ&v>uN35yt zT@h54gwR~gKD%6Pm2ob8$;$3Z*7!VDz;VzmO)NOML|3r3H{MySw+2irsh;p`ExQ!` z86y)BL0V=R65cobHt(bTnEWi|Z{citHFV_f#*}H>dF8Cuj#uYDI}W)5i~}p~fKp-{ zYc-9Vh$FHv3^kovELBd<>?xBRd=z@<=w^Y% zxv6O#p;ZG#l?23PYHxf_LgrPZrN0tvQly?Elq6yV?(b#zniI3`_l_R^{g@KF^8CkLAOP6`cvrV2ngtcrNz;L*;aiC!#M z>dlv}R*U@k;A_l^zU&~_C*yRs?YvhTPwpn+W+r!Szgo?!jH9Pl=ad}vW5dDXa45p! zOBFU`WM6vXVY!42C7YoAd$e`3Kxevt0ZGXW1pn_LN$ha9EvL!M(htZVN1pbVJX}ky zg}l&fhlOtyKYhyoq*M@|Wl;Z3JdZrE=M1a7)|35*lA1@polBfh_=pS2Lvxns1BR2@ zW(ZPR0-em99(cLKJ>KcJ>f$=I)VkF|l99Fn0%(oYI&aAQTpu-7y(LJu|T!*dNY+;T*L^n*)lld4LpC`_=rRfseQTz>+z z;>9YIel#c0CH@0<{k6eM%F#M%EQ0*1o3+Mm%!HC}2BY7W70jv@S3$fO87Q@(7BDzs zDx_Q-M(5txWf(XBR)zJeM&D99PkV}7UxWt?CT#E6{tH3j;};lfW^DBoQpd*^ zV;0JSY#(dwJQBkck)3w#+qgf8uBr&A`a#d-^r~wtwK-@l`x{a4oF|hVSag1jgX~E& zF*g2YR6WD9=k@az-aAWv$#h)3dakunGbz4i`eHMc5|x$NT#Mr!Yo2|FuAjW<6m^}$ zKlO5Oa<1-6mt(!&y(oPJf9^OlW(%SF0O6s&*n&vq6Q4WFqZL6uB-UMTNv)hwVwvET zScJDEPW0b=(#w7tnM-x$FL`~*%&9N++Rjp48U)J0H-*m6%CTUImxq77j6@ew;b*@% z9Bs9LS%{#(JO>9yPB_=%-6vej?Z~PT0dH5S8rx|&QxxxzP43lbC7!0>vm~62Hi^qI z&wdyMcS3Po*6!-P`0`-M)4fVSJ+V*74bm(+tm=z8a5A>>*k3Bun9dGFT94(^-e zZ6lFVJg56!bq|#l?X@G6oIh%JuwnlT${?c9+)9gY9OVik2P^h=k(< zYn4-%`S%nIPJoPY({Eda1dfG9dn+x;25zfh1vW9947)_i+i2b^crR^t2lOd*bC5rb z;if5tlzl6YnNZ(yDjNa<8UB>3RD29Uk-J9+GN=7ozN4~J*%!BwYjh-6K~p<2fxBgW zN0@RX)snXSqV+x_2$b{?2pueUe5zQt-oRZeW9NkBqzmbUnIpM?N& zD1X2hImrnwTDX(b9tS8=3MiA4c~jR<2=d~jnkR}60ih}VQ(7$_h-G7fzF(!OuF}`=d-TDqM(eLc@#oT0`0uczb4*IKZb1S0cqFBvU z+&2xI`Xf&TbROa4`AlQkAi8>2?7!Cj8@2qb{QiK)W-WxdNOADd&Jhe7@o0$?(cXm& z^_Q740Bd31YHAhlU-;HRJ6n-Vbn`KRL>Dwb`#(N=Wtm-t%*okK*Bq_83K4K6oRQ-l z4xVDoZMFg9|NkhJ%@N@LX1Aa6>PJMFC$hHcO-hY*`?hdQvQPs+8iC#wh5ey+xSYDt zU!K?62#w$Y86d0Y94@(;6}7i$fzOf}S-(|LpO`$j{XUlCdOJr2@p|LIkSJvoad{#C zHdt5@U$#8l8o3_Fy(j^&CyMQB_b3=aMyFRJofhrCeV-L9P~JuVQmf?aJ>4bdu~8aB z0J^l%Ml3zZx-+<1bQlJ!?bv{?>Sn@I(SO zWxCA^;r!0e&zr($kY=4e%GX8H?Gr1cJZ9&K!?S-%*Vc=$zlcjuw-}V0d}-?exN1Hc zC2GsT-aHnWo2`4RHLp{rofk&>^sFU0Mu`oOgYuag9T^SB5N&ciYlM6QfD#3Xb-3JF zPCh_d=c~I*_YAha7XPAYzAesgCM-VmLJswb?SvlkTmb7q#FU$}x$$uz5o(Nz{@T;8 z-p9&HO1!SkrmmP{Xn-J3`5&>qW1V=h(>KYTAl8w21S{?Hr#>oVUAj!Zg9 zumeNf`<;@?#*3W^&U(J^TieRtD+ZPiDg6&F$@x80X#05Lj95C_7o>m!IsbTXC~i{o zADF}@C;S!@k6NQdOHX(L`q!#85~Z~@v_F*vo8&+I8p^kPY-?JdD`}%;?iym1dwdbx z7ND{h!LO3re9ce}NMcm4db6gHJ7Ab6?rX_XIDj8#q-SzcwKGG!LM10#DovlyzACq_ z`mEqtoDG)tl4MAB^Xg+C>npODqqZ_+XEgNh-$}q&gXFrs#OSRg<9F_zp~Pyu zxpo!2?SW(pa+gd}rip|MGdf9H{Ho~_pS{8#^%(E9$KC8utb`SEB~EinYL5M&CzX-t zwrMl$p0Eu@d&lckZyft^veB`)*$?{UkUgI6xmT>>V$P!+BAnwB6A3LWy@HRwZFM|Y zscW{^uJcZ#@LB!1UhK=5XE{GEz)<5uWx9J&%rw2Gz>xe-*6K-LtIu`tF(Zw8zOoQz z*yZY4b60JUFWC%l70&`Kxb=;hfHB>>h;-i6=I0DwV=8DqRboI@m)!KCe zY;OCMD+{o0fC`~9ADvUi`Zju-7}mb*ZExorKTXeOWj3*u9md~|AVBb}$>V9%*HkB`P*xyC-sao6((v=EfU5O(l_CJmHxo3c0iSpJwAt@5s9N({T-$tn3JpV(>1pGI zm|cE0%@~^VCpj-4=nLP=-0|nV-SWC`13`BN1ipRaS!Am$C}7HRu9A@;r5V<0$&$v? z5|Q|noC?U~ou}vxdDQrAh9pUoCq&yXU%J8bv0bg=(7@tndao{(K|?;f(AqT8 zAdVn)(UU%I_WIxpQz>ziyoD^&G)JvU0r&Vh3hk@4HX$e}EXK)xJC32tde%+Mx^o;b z$J8cI9vLa}HG6SAjQZ|bYO$Y~^cJ91IXc;%wYWof={|z5cH1!;JD6djSbN3lR8VBb zl++b@>PphPNK;|PUQ+c%cA|lN@fVq)bJB?zbq><&C|$G^y)R35)=0~Cwht6e51glc za_IuF6-`bXXaxJlUS9;MU9}hTr;Y2RhNR7YL?>Gv2)8ol81P-n4i*vl@MqLQC4!Ro zAHeY-#O@ywz84lRPsXbYWxm9d@qM$eE%471OtzYx7NB6X=vL7q5kk96|1h6l^YaT; zEP4IZ{#MbzyYS);a0UMntWHw7ILy8sC2fJcdD#)c*~1 zY!~%KHCZIBJlGugxsJ|;OPg2Hmv`M4aocO6>#-t#hVeXL8XybxUFK z35d+ZgE1~0CgROP34^+)NVCB_ZmU5h{m9v-{Mt`isROY8V2s%*i;nIFi<8$VQ>6@? ziIdWOrDvv7tIAh*`7PEbUrW!q%3o(I)V0q}Jn;H{!4{cIYS2JV%r;{K+mVm=+AU#l z4CV0FA1%7Gj{UkNGIfCbol7hC`@a+2Exr13o6fJW$OIViB3;X#c=B+zvv!xpBdK1v zT6Di30AzPH8K=@U`xEmdlg4d_lcln*_DA^rDRjG!+Q!zf1tD{W&Kx!dHm|zK;_~=Q zx`6kjyaCQ2RcVm{qlvrPJi!V>&6_24&;2xcP2vNWH_u$^xJfki=V%4VVuz*|B#fo@ z7pHP-k9bD|u=!{M;FT?oAZx3Vx(-wn0Vttpq3~9jNbKLdGMSNV3?W{8GvZ1*J{t?p z%G?Q!%*H7&t_I&2iO{r!uJGHY81-x{Z|9D~Fz~s|ddyW?A3%Hy=j?nqW6(1#Z(Ntw z8vE`|k)m6BtaK^Z9wznZSBJmto|Y4zI^=$8V}WY(UeR{l?{gvF|2Fdsm-`3I^P%o) zO(9HB9$U!q_3^k+tP02eRvNyJ5DuH`)p%^zo+w!t?b~7EV75}o4Q0KQBxX$dFo$gR zSHK=HZ6|E(vO|s{XJd{E`tiAW8-Hecqb?(p4>(cg7-%=a|yGLhvyrwmXjqwNdC8;{oa9Ygb{i6onnxA=XB)?Sa=3Sj1OgXeL ziLXD2xd-b{3Iz3DYsy|fI~uz5b~MbXop?-?#22X_-<9^woL@e(MRwvjIc&9?H`8>6 zD<i=S)NA2h^1AUvVq$w<S4`8MR7`QOw3}Q0jwmN=vj(BjE8P$RV$E!-vhlxJ4#L6T!HtEkxd6on-zp{3YLc` z4FgW)+GiuFn@`u=gV73r99V(S7&`USSK-Agz|3jRXbknB{|iE5==h<7-fgQy{vATz z17VB0yg0pnag zK2@u;@>orYuEv5w!~+K{OYs9}dmMn;!j#5l&}c^%x4iSuzM<;wJyq_G7+5bjs>A^K zMdT-d`=@KUZz@%A+kIk#fiO7mcm#IGjgpH?qVob(69tt1T7&6}CUz*0cVihlpIl%UV2VWkZRz~OQVL`z!r~g2Im|D#M|S_H30QKc?h(>h zvGQ-!`~OYtzk1IB!5a`2#;>gH0h-+$vKKU8{kVF8OHGiQ)OZNfbJ*clM@z>DfKLm^ z(vs0{DLFqbQoQqy)4(Y_^gKEwB_*QvYuo5(tVO(2^0t+V*uP@g{eQ9Ss@k56wEr#4 zx}Z(o@Oiy2I>}AUQYG727aHBI?ht~ejvb0uv^1ajnx-UWwzp?`p) z$n+GUaZ71ph;ri!v0?}+d4C8 zoa5iCJ%v?<;_|+8l4W`;h}o&?7%N37*c;s%YX4^nx=JRgG5ZEXDg^;+7_gL}%is<# zT)}3)Uk2O&fYANI$drb1|C_{F4we>S^-OnDg3*H3m&I1gqkr+4 zqXB#_d;Y7V(w}X9bQE}|e4IK^PW>+Mvz4fB?G>!NBX(3CeTcKs=PawU{EPtQcDX?T zDBaTCA&J>U%=8S;^1glVc|ZDCvDcwb4#=j8RwZ2JK zJFEgO(>moncykEm+q3AuRSK@skr~GCxa9=t?8)faEJEW*UsgV|cGF8rwm+}0zI(=b z&sKM-iSp~6R~clJ$<2#H=xJl)g3oK*9fr4^p#`nIaMx4uR$WgOZEX)~A8)UQwP(J_ zo%sL2m-cxNt;1&L)ZOnqku9_FI`2#Vd;PO7^A{lr-?kcytRbS=)^|Az?YZ$T;p9UF zpO^Eb!;?rIFVqZ7bY-$?lIz=X>+NOJs`# z`~xDpQ0Iga@Bfj=PG;HqkYqn66J7K|vrpQHP(wwHm4W}H;~5GrZSdvk%cYaU@LCSL zmTyKG-sUqgSi+YKct)hqN=FYzyDpv$K0x{>LN(8mkxrb(b)G3!TmxS90h~-ZIw)H- z0Ti*R4CmpmxYzr>wp=-{S`f5y%fn`mc{Vlb;CAv4cC*NH_;Rbb?!R2j-6X*=f!09H-qyFXIC_UGX< zA5+$T-Y`-jEtJ8``?m1Y{|!}Ny2|yONNzdZsmdx5(J{2nVnLh~ON)?75z;SskU2ns z5!|elJ~~t;)SwgwImrVbXPwLJY;Ja$r!o&KN_19??XM37#0}sqn?nDUB}semmnBK5 z6r%LsVo4f-GCLDDp6%t(J+S-kvZ|-K@YGQzWspnHODhUcT^}vR5c{Ae8=U4c8@JyE zD6p)OU1Q)ZNUUy&QPo#Xf*kF*pz)O8edo{#1B< zvQC8(w;wiI4=nnXR8-KbMhxK^gEVX_+W);k)t~ zUVF8JtI?Do;!8!lwGeQDUs8~O#)y(FbPA?Xko5QUO4Y_6z z=zj3+-vt1KY}m`xJ@)?so6|ENOr3wjyOlsb#0=S{+wE?&BYmM?i~ zsQo0hJQ!zKk?^Np0fE~g|38v|iFV`IT>AZM1p-j4r1w%TjXM`R%O`o}0#2L7g$Gn$ z68mfiT!Sj8+o3Lh@1KIOS-$YO@t26~YF$eGg`uTA4%;ijvDdm&4ipvt97F5G|KyBy zW&hxe8L_^W0m0x`uurJcFV1*Vq1abL=FQ3OPtm~qUC63dolGQ*bNty+E0?d)F<~ux z0M$BUj`P}YClzEFaEgn2Oc2XYA=bXRE5)av02*+npP}H(VQL`t-6IJ5+MzML+}4`? z!uMv#WJ9z;M*48W$fA{Ta%cJ`L7_9nfG3h-58tMho)f!seJ|XE>=gDarGr_BGU40LV*3ybGnID| zr+h_fIRbQT=&Rn&c8cBTq?%W8Uc?5j&*ur0V|J<4j4@KyXS-C%Srye{gu1^U`^=>z z+bi^0;;Mr zl(*A;HlukH`0{h){$w8KAvwMbHX!XLp-twI{RKSLkmBd>f++Y#v;Gb|?|@oArCMga z01y&I4m2R6VK$vNWp#^#9jmG4(oT7$G-H!M!kWuBDr0&Qg02F5he-5`wZ5`88H+mH zvt(*~pAx5~hyZE=I_)p5cX