Welcome Guest ( Log In | Register )

 
Reply to this topicStart new topic
Help with squid/iptables, ip_forward, etc... with proxy!
ameel
post Jan 26 2012, 11:51 PM
Post #1
Atomican
Charge




Hi guys,
I'm new @ ubuntu/linux and willing to learn.

I have a squid server at port 3128. traffic incoming into the squid server gets redirected to another port 1010 using:

QUOTE
iptables -t nat -A PREROUTING -p tcp --destination-port 3128 -j REDIRECT --to-port 1010
echo 1 > /proc/sys/net/ipv4/ip_forward


traffic from an external pc through the squid proxy at port 3128 successfully gets to the website/ip it was looking for. All works fine.

However when i'm trying to add an external proxy in the equation, and can't get it to work! Ideally, i want traffic to go into squid at port 3128 get redirected to port 1010 then forwarded to external proxy and access the original website/ip sought.

Proxy works only if i do not have iptables setup to redirect traffic from port 3128 to port 1010. The moment i redirect traffic from 3128 to 1010 using the iptable config above, external pc connects to website/ip directly from squid server instead of going through the extra proxy (from cache_peer).

I see how it makes sense since traffic is redirected to port 1010 before it goes through cache_peer. However, I am sure there should be a way to use iptables to configure the traffic to go back to the external proxy, am i right?

can anyone point me on the right track? is it something to do with postrouting/route?

desperate, i tried to apply a system-wide proxy, but even that did not work :(

any help/pointers much appreciated
Go to the top of the page
 
+Quote Post
ameel
post Jan 27 2012, 12:31 AM
Post #2
Atomican
Charge




Alright I managed to get around it by using proxychains.
So I have my the squid server with cache_peer listening to two ports.
I redirect traffic from port 3128 to 1010.
I use proxychains to redirect the traffic back to 1050 (which is the 2nd port squid server is listening to). Then squid server uses its basic cache_peer and connects to proxy.

i only realise this is not an elegant solution because the connection is now actually super slow
Go to the top of the page
 
+Quote Post
ameel
post Jan 27 2012, 12:31 PM
Post #3
Atomican
Charge




Nvm.

i edited the python script for the software that was listening at 1010 so it directs the connection to the external proxy. looks like its working now, but i can't do extensive testing (at work atm).

This post has been edited by ameel: Jan 27 2012, 12:31 PM
Go to the top of the page
 
+Quote Post
ameel
post Jan 27 2012, 06:50 PM
Post #4
Atomican
Charge




actually its not working =.=

anyone care to help?

cheers
Go to the top of the page
 
+Quote Post
ameel
post Jan 28 2012, 01:41 AM
Post #5
Atomican
Charge




ACtually, nvm. Figured it out.

Basically client connects to 1010
app listening at 1010
app forwards connection to 3128
squid listening at 3128
squid forwards connection to external proxy

(no iptables needed)

another problem is that the app listening at 1010 has certain limitations. when i try to download big files, it timesout eventually (or i cbb waiting im assuming it times out). im guessing when i click on the link, the app at 1010 downloads the file first before sending it back to the client. thence huge files (700mb or so) take forever or timeout before client sees popup to confirm downloading the file which makes it completely useless. anyone has any idea?

cheers
Go to the top of the page
 
+Quote Post
iamthemaxx
post Jan 30 2012, 09:36 AM
Post #6
Super Hero
Super Hero




What's with all the port redirections?
Go to the top of the page
 
+Quote Post
GlennsPref
post Feb 15 2012, 05:33 PM
Post #7
Atomican
Overlord




Yeah, what's wrong with port 80?


--------------------
"Everything depends upon relative minuteness".

Life is what "you" make of it.

http://counter.li.org registered as GNU/Linux user #406321
Mageia1, kde4, openbox
VirtualBox (non-ose AMD64)

must read...
http://www.religioustolerance.org/taoism.htm #(spiritual-stuff, it's good!)
http://www.webofdebt.com/articles/dollar-deception.php
Go to the top of the page
 
+Quote Post
Linux_Inside V2
post Jul 15 2012, 08:20 PM
Post #8
Atomican
Guru




Whatever you're trying to achieve, you're doing it wrong.

Why exactly do you need 2 proxies?

:edit: shit, didn't realise this thread was so old...

This post has been edited by Linux_Inside V2: Jul 15 2012, 08:23 PM
Go to the top of the page
 
+Quote Post
GlennsPref
post Jul 28 2012, 09:43 AM
Post #9
Atomican
Overlord




QUOTE
when i try to download big files, it timesout eventually

If squid is working, you may not see any progress until squid has the file,
then it will be moved to the browsers download folder or /tmp (check here for large files progress).

I still use the squid with iptables, ala "atomic firewalled gateway server" by Ashton Mills.

Rather than 2 ports for squid, I use a nic just for an internal connection (no cable). Currently this is a usb/nic.

on my home network, 10.0.0.16 is my external connection and 10.0.0.15 is my internal squid connection.

These ip's are used in both the squid.conf and firewall script.

here's a look at mine,

/etc/init.d/atomic.firewall
CODE
#!/bin/sh
#
# Atomic IPTables firewall script v1.2
#
# Simple but effective firewall written for
# the Atomic Uber Linux box guide,
# Issue 21, Oct 2002
#
# Updated May 2003 for bandwidth shaping
#
# Ashton Mills
# amills@iinet.com.au

# Environment variables, change these values accordingly

    EXT_IF=eth0
    INT_IF=eth1
    INT_NET=10.0.0.15/24

    ANY=0.0.0.0/0

    IPTABLES=/sbin/iptables
    MODPROBE=/sbin/modprobe

#
## You shouldn't need to touch anything below here
#

# Load appropriate iptables modules, others will be loaded dynamically on demand

    $MODPROBE ip_tables
    $MODPROBE iptable_filter
    $MODPROBE ip_nat_ftp
    $MODPROBE ip_conntrack
    $MODPROBE ip_conntrack_ftp

# Set proc values for TCP/IP. In order:
#
# Disable IP spoofing attacks
# Ignore broadcast pings
# Block source routing
# Kill redirects
# Set acceptable local port range
# Allow dynamic IP addresses
# Enable forwarding (gateway)

    echo "2" > /proc/sys/net/ipv4/conf/all/rp_filter
    echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
    echo "0" > /proc/sys/net/ipv4/conf/all/accept_source_route
    echo "0" > /proc/sys/net/ipv4/conf/all/accept_redirects
    echo "1600 61000" > /proc/sys/net/ipv4/ip_local_port_range
    echo "1" > /proc/sys/net/ipv4/ip_dynaddr
    echo "1" > /proc/sys/net/ipv4/ip_forward

# Flush everything

    $IPTABLES -F INPUT
    $IPTABLES -F OUTPUT
    $IPTABLES -F FORWARD
    $IPTABLES -t nat -F
    $IPTABLES -t mangle -F
    
#
## --- DEFAULT POLICY --- ##
#

    # Drop everything on INPUT and FORWARD chains, accept OUTPUT

    $IPTABLES -P INPUT DROP
    $IPTABLES -P FORWARD DROP
    $IPTABLES -P OUTPUT ACCEPT

#
## --- INPUT CHAIN --- ##
#

    # Allow Telstra hearbeat -- BPA users uncomment this

    $IPTABLES -A INPUT -p udp --sport 5050 -j ACCEPT
    $IPTABLES -A INPUT -p udp --sport 5051 -j ACCEPT

    # Allow local net browsing avahi/Zeroconf

    $IPTABLES -A INPUT -p udp --sport 3128 -j ACCEPT
    $IPTABLES -A INPUT -p udp --sport 5353 -j ACCEPT
    
    #Allow bootp port -- Optus and some ADSL users need this
    
    $IPTABLES -A INPUT -p udp -d 255.255.255.255 --dport 68 -j ACCEPT

    
    # Allow access to services on this (the gateway) machine

    
    # SSH
    $IPTABLES -A INPUT -p tcp --dport 22 -j ACCEPT

    # Teamspeak
    $IPTABLES -A INPUT -p udp --dport 8767 -j ACCEPT

    # Half Life server
    $IPTABLES -A INPUT -p udp --dport 27015 -j ACCEPT
    $IPTABLES -A INPUT -p udp --dport 27010 -j ACCEPT
    
    # FTP
    $IPTABLES -A INPUT -p tcp --dport 21 -j ACCEPT
    $IPTABLES -A INPUT -p tcp --dport 20 -j ACCEPT

    # Bittorrent
    $IPTABLES -A INPUT -p tcp --dport 6881:6969 -j ACCEPT
    $IPTABLES -A INPUT -p udp --dport 6881:6969 -j ACCEPT
    $IPTABLES -A INPUT -p tcp --dport 7881 -j ACCEPT
    $IPTABLES -A INPUT -p udp --dport 8881 -j ACCEPT
    $IPTABLES -A INPUT -p udp --dport 4444 -j ACCEPT

    # Accept all connections on local and internal interfaces

    $IPTABLES -A INPUT -i lo -j ACCEPT
    $IPTABLES -A INPUT -i $INT_IF -j ACCEPT
    
    
    
    # Accept local connections for webcam
    $IPTABLES -A INPUT -p tcp -m tcp --sport 8081 -j ACCEPT

    $IPTABLES -A OUTPUT -p tcp -o tcp --dport 8081 -j ACCEPT

    $IPTABLES -A INPUT -p udp -m udp --sport 8081 -j ACCEPT

    $IPTABLES -A OUTPUT -p udp -o udp --dport 8081 -j ACCEPT
    # Accept local config for webcam
    $IPTABLES -A INPUT -p tcp -m tcp --sport 8080 -j ACCEPT

    $IPTABLES -A OUTPUT -p tcp -o tcp --dport 8080 -j ACCEPT

    $IPTABLES -A INPUT -p udp -m udp --sport 8080 -j ACCEPT

    $IPTABLES -A OUTPUT -p udp -o udp --dport 8080 -j ACCEPT

    
    # cups
    $IPTABLES -A INPUT -p tcp -m tcp --sport 631 -j ACCEPT

    $IPTABLES -A OUTPUT -p tcp -o tcp --dport 631 -j ACCEPT

    $IPTABLES -A INPUT -p udp -m udp --sport 631 -j ACCEPT

    $IPTABLES -A OUTPUT -p udp -o udp --dport 631 -j ACCEPT

    # Stateful inspection -- Allow packets in from connections already established

    $IPTABLES -A INPUT -i $EXT_IF -m state --state ESTABLISHED,RELATED -j ACCEPT

    
    # Drop packets from invalid sources (reserved networks and localhost)

    $IPTABLES -A INPUT -i $EXT_IF -s 10.0.0.0/8 -j DROP
    $IPTABLES -A INPUT -i $EXT_IF -s 172.16.0.0/12 -j DROP
    $IPTABLES -A INPUT -i $EXT_IF -s 192.168.0.0/16 -j DROP
    $IPTABLES -A INPUT -i $EXT_IF -s 169.254.0.0/16 -j DROP
    $IPTABLES -A INPUT -d 127.0.0.0/8 -j DROP
    

    # Don't log igmp, web or ssl. More noise we don't need to log.

    $IPTABLES -A INPUT -p igmp -j DROP
    $IPTABLES -A INPUT -p tcp --dport 80 -j DROP
    $IPTABLES -A INPUT -p tcp --dport 443 -j DROP


    # Log everything else

    $IPTABLES -A INPUT -i $EXT_IF -j LOG --log-prefix "|iptables -- "

#
## -- BANDWIDTH SHAPING  -- ##
#

#
# EGRESS (upstream)
#

    # TOS marked packets (we'll just work with minimise-delay and maximise-throughput)
    $IPTABLES -t mangle -A POSTROUTING -m tos --tos Minimize-Delay -j MARK --set-mark 10
    $IPTABLES -t mangle -A POSTROUTING -m tos --tos Maximize-Throughput -j MARK --set-mark 30

    # UDP (most games, including all Half Life mods as well as DNS, IM clients and more)
    $IPTABLES -t mangle -A POSTROUTING -p udp -j MARK --set-mark 10
    
    # Games that use DirectPlay from DirectX (note UDP traffic already matched above)
    $IPTABLES -t mangle -A POSTROUTING -p tcp --dport 47624 -j MARK --set-mark 10
    $IPTABLES -t mangle -A POSTROUTING -p tcp --dport 2300:2400 -j MARK --set-mark 10
    $IPTABLES -t mangle -A POSTROUTING -p tcp --dport 2300:2400 -j MARK --set-mark 10

    # Place other games here
    # EVE online
#    $IPTABLES -t mangle -A POSTROUTING -p tcp --dport 26000 -j MARK --set-mark 10

    # ICMP (ping)
    $IPTABLES -t mangle -A POSTROUTING -p icmp -j MARK --set-mark 10
    
    # SSH
    $IPTABLES -t mangle -A POSTROUTING -p tcp --dport 22 -j MARK --set-mark 10
    
    # Web, SSL
    $IPTABLES -t mangle -A POSTROUTING -p tcp --dport 80 -j MARK --set-mark 20
    $IPTABLES -t mangle -A POSTROUTING -p tcp --dport 443 -j MARK --set-mark 20

    # ACKs    
    $IPTABLES -t mangle -A POSTROUTING -p tcp -m length --length :64 -j MARK --set-mark 20

    #
    # No need for catchall for class 30, handled by HTB root qdisc initilisation
    #
    
#
# INGRESS (downstream)
#

    # Only prioritise class 10 traffic

    # Don't police high priority UDP, game, ping and SSH packets
    $IPTABLES -t mangle -A PREROUTING -p udp -j MARK --set-mark 10
    $IPTABLES -t mangle -A PREROUTING -p tcp --sport 47624 -j MARK --set-mark 10
    $IPTABLES -t mangle -A PREROUTING -p tcp --sport 2300:2400 -j MARK --set-mark 10
    $IPTABLES -t mangle -A PREROUTING -p tcp --sport 2300:2400 -j MARK --set-mark 10
    $IPTABLES -t mangle -A PREROUTING -p icmp -j MARK --set-mark 10
    $IPTABLES -t mangle -A PREROUTING -p tcp --sport 22 -j MARK --set-mark 10

    # Place other games here
    # EVE online
#    $IPTABLES -t mangle -A PREROUTING -p tcp --sport 26000 -j MARK --set-mark 10

    # Catchall, police everything else
    $IPTABLES -t mangle -A PREROUTING -m mark --mark 0 -j MARK --set-mark 30

    #
    # NOTE: It's a good idea -not- to add HTTP to be let through the police filter even
    # for browsing as many P2P programs, not to mention your HTTP file downloads, will
    # flood the link unpoliced, causing delays with high priority (class 10) packets.
    # Shape HTTP going out, but let it be bulk coming in.
    #
    # Read the note at the end of the atomic.shaper script for more on INGRESS shaping.
    #
    
#
## --- FORWARD CHAIN --- ##
#

    # Stateful inspection -- Forward in connections already established

    $IPTABLES -A FORWARD -i $EXT_IF -o $INT_IF -s $ANY -d $INT_NET -m state    --state ESTABLISHED,RELATED -j ACCEPT


    #---------------------------------------------------------------
    # Allow outbound DNS queries from the FW and the replies too
    #
    # - Interface eth0 is the internet interface
    #
    # Zone transfers use TCP and not UDP. Most home networks
    # / websites using a single DNS server won't require TCP statements
    #
    #---------------------------------------------------------------

# Printer port
#
    $IPTABLES -A INPUT -p udp -i eth0 --sport 127.0.0.1:9100 --dport 1024:65535 -j ACCEPT
    $IPTABLES -A INPUT -p tcp -i eth1 --sport 127.0.0.1:9100 --dport 1024:65535 -j ACCEPT

    $IPTABLES -A INPUT -p udp -i eth1 --sport 127.0.0.1:9100 --dport 1024:65535 -j ACCEPT
    $IPTABLES -A INPUT -p tcp -i eth0 --sport 127.0.0.1:9100 --dport 1024:65535 -j ACCEPT


    $IPTABLES -A OUTPUT -p udp -o eth0 --dport 53 --sport 1024:65535 -j ACCEPT

    $IPTABLES -A INPUT -p udp -i eth0 --sport 53 --dport 1024:65535 -j ACCEPT


# Forwards for software running on Windows/Linux machines behind the firewall

    # Kazaa Lite (change destination IP accordingly)

#    $IPTABLES -t nat -A PREROUTING -i $EXT_IF -p tcp --dport 1214 -j DNAT --to-dest 10.0.0.15
#    $IPTABLES -A FORWARD -p tcp -i $EXT_IF --dport 1214 -d 10.0.0.15 -j ACCEPT
    
    # Bittorrent

    $IPTABLES -t nat -A PREROUTING -i $EXT_IF -p tcp --dport 6881:6969 -j DNAT --to-dest 10.0.0.15
    $IPTABLES -A FORWARD -p tcp -i $EXT_IF --dport 6881:6969 -d 10.0.0.15 -j ACCEPT
    $IPTABLES -t nat -A PREROUTING -i $EXT_IF -p udp --dport 6881:6969 -j DNAT --to-dest 10.0.0.15
    $IPTABLES -A FORWARD -p udp -i $EXT_IF --dport 6881:6969 -d 10.0.0.15 -j ACCEPT

    $IPTABLES -t nat -A PREROUTING -i $EXT_IF -p udp --dport 4444 -j DNAT --to-dest 10.0.0.15
    $IPTABLES -A FORWARD -p udp -i $EXT_IF --dport 4444 -d 10.0.0.15 -j ACCEPT

    $IPTABLES -t nat -A PREROUTING -i $EXT_IF -p udp --dport 7881 -j DNAT --to-dest 10.0.0.15
    $IPTABLES -A FORWARD -p udp -i $EXT_IF --dport 7881 -d 10.0.0.15 -j ACCEPT
    $IPTABLES -t nat -A PREROUTING -i $EXT_IF -p tcp --dport 7881 -j DNAT --to-dest 10.0.0.15
    $IPTABLES -A FORWARD -p tcp -i $EXT_IF --dport 7881 -d 10.0.0.15 -j ACCEPT

    $IPTABLES -t nat -A PREROUTING -i $EXT_IF -p udp --dport 8881 -j DNAT --to-dest 10.0.0.15
    $IPTABLES -A FORWARD -p udp -i $EXT_IF --dport 8881 -d 10.0.0.15 -j ACCEPT
    $IPTABLES -t nat -A PREROUTING -i $EXT_IF -p tcp --dport 8881 -j DNAT --to-dest 10.0.0.15
    $IPTABLES -A FORWARD -p tcp -i $EXT_IF --dport 8881 -d 10.0.0.15 -j ACCEPT

    # Forwards for hosting DirectPlay games

#    $IPTABLES -A FORWARD -i eth0 -o eth1 -p tcp --dport 47624 -m state --state NEW,ESTABLISHED -j ACCEPT
#    $IPTABLES -t nat -A PREROUTING -i eth0 -p tcp --dport 47624 -j DNAT --to-destination 10.0.0.15:47624
#    $IPTABLES -A FORWARD -i eth0 -o eth1 -p tcp --dport 2300:2400 -m state --state NEW,ESTABLISHED -j ACCEPT
#    $IPTABLES -t nat -A PREROUTING -i eth0 -p tcp --dport 2300:2400 -j DNAT --to-destination 10.0.0.15:2300-2400
#    $IPTABLES -A FORWARD -i eth0 -o eth1 -p udp --dport 2300:2400 -m state --state NEW,ESTABLISHED -j ACCEPT
#    $IPTABLES -t nat -A PREROUTING -i eth0 -p udp --dport 2300:2400 -j DNAT --to-destination 10.0.0.15:2300-2400

    
    # Forward out all traffic

    $IPTABLES -A FORWARD -i $INT_IF -d $ANY -j ACCEPT

#
## --- OUTPUT CHAIN --- ##
#

    # Follows policy

#
## --- NAT --- ##
#

    # Enable masquerade

    $IPTABLES -A POSTROUTING -t nat -o $EXT_IF -j MASQUERADE

#
## -- Transparent proxy to Squid --- ##
#

    $IPTABLES -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

    $IPTABLES -t nat -A PREROUTING -i $INT_IF -p tcp --dport 80 -j REDIRECT --to-port 3128


/etc/squid/squid.conf
CODE
http_port 10.0.0.15:3128 transparent
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_dir diskd /var/spool/squid 5000 16 256
cache_store_log none
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
half_closed_clients off
acl manager proto cache_object
acl localhost src 127.0.0.0/8
acl to_localhost dst 127.0.0.0/8
#acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 10.0.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
acl mynetwork src 10.0.0.0/16
http_access allow mynetwork
http_access allow localnet
http_access allow localhost
http_reply_access allow all
icp_access allow all
visible_hostname squid@GamesBox.GlennsPref.net
append_domain .GamesBox.GlennsPref.net
err_html_text admin@GamesBox.GlennsPref.net
deny_info ERR_CACHE_ACCESS_DENIED all
memory_pools off
coredump_dir /var/spool/squid
ie_refresh on


/etc/sysctl.conf
CODE
# Kernel sysctl configuration file
#
# For binary values, 0 is disabled, 1 is enabled.  See sysctl(8) and
# sysctl.conf(5) for more details.

# Disables IP dynaddr
net.ipv4.ip_dynaddr = 0
# Disable ECN
net.ipv4.tcp_ecn = 0
# Controls source route verification
net.ipv4.conf.default.rp_filter = 1

# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0

# Controls the System Request debugging functionality of the kernel
#kernel.sysrq = 0

# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1

# If you set this variable to 1 then cd tray will close automatically when the
# cd drive is being accessed.
# Setting this to 1 is not advised when supermount is enabled
# (as it has been known to cause problems)
dev.cdrom.autoclose=1
# removed to fix some digital extraction problems
# dev.cdrom.check_media=1

# to be able to eject via the device eject button (magicdev)
dev.cdrom.lock=0

# Disable netfilter on bridges.
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
net.ipv4.icmp_ignore_bogus_error_responses=1
net.ipv4.icmp_echo_ignore_broadcasts=0
net.ipv4.icmp_echo_ignore_all=0
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.all.log_martians=1
fs.inotify.max_user_watches = 524288
net.ipv4.conf.all.forwarding=1  #hacked squid
net.ipv4.ip_forward=1


Each nic requires an ip, I don't know how this would work with dhcp (non-static) addressing.

I use rc.local to instigate the scripts for ifup, firewall and squid.
This adds some time to the boot sequence, but not much, and
the connection is usually ready by the time the OS has loaded to a full GUI desktop.

/etc/rc.local
CODE
#!/bin/sh
#
### BEGIN INIT INFO
# Provides: rc.local
# X-Mandriva-Compat-Mode
# Default-Start: 2 3 4 5
# Short-Description: Local initialization script
# Description: This script will be executed at the end of the boot process.
#              You can put your own initialization stuff in here if you don't
#              want to do the full Sys V style init stuff.
### END INIT INFO

touch /var/lock/subsys/local
ifdown eth0
ifdown eth1
sh /etc/init.d/atomic.firewall
ifup eth1
ifup eth0
service squid start
/usr/bin/mbmon -r -P 5355


I hope this helps, regards Glenn


--------------------
"Everything depends upon relative minuteness".

Life is what "you" make of it.

http://counter.li.org registered as GNU/Linux user #406321
Mageia1, kde4, openbox
VirtualBox (non-ose AMD64)

must read...
http://www.religioustolerance.org/taoism.htm #(spiritual-stuff, it's good!)
http://www.webofdebt.com/articles/dollar-deception.php
Go to the top of the page
 
+Quote Post

Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 



Lo-Fi Version Time is now: 28th July 2014 - 02:11 PM