<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
span.gmailquote
{mso-style-name:gmail_quote;}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:"Courier New";}
p.section, li.section, div.section
{mso-style-name:section;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:13.5pt;
font-family:"Times New Roman","serif";
font-weight:bold;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Hrmmm..doing some reading on regarding zebra, I found something that
might work..multipath routing (not really part of zebra)<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Here’s a url for some more info:<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><a
href="http://www.tipsternet.com/articles/advance%20routing.htm">http://www.tipsternet.com/articles/advance%20routing.htm</a><o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>specifically:<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Connection
based tracking give you the most control but it may or may not require a patch
to your kernel. The concept here is to classify packets by src, dst, port, dev,
tcp or udp, etc and mark it with a flag. You then create a routing rule to
detect the mark and fling those class of packets out a particular interface.
Simple? It is. It a very powerful way of manipulating routes. <o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Tip:
Keep your router as a router. Don't start sticking applications and services on
it. Locally generated packets may seem to work the same but they are exempt
from certain routing logic and manipulations.<o:p></o:p></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'>vi
/etc/iproute2/rt_tables<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'>-------------------------------<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'>#<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'>#
reserved values<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'>#<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'>255
local<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'>254
main<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'>253
default<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'>0
unspec<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'>#<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'>#
local<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'>#<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'>#1
inr.ruhep<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'>#<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'>#
Add the custom lookup tables into the route file<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'>100
Eth0<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'>101
Eth1<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'>102
Eth2<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'>--------------------------------<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'>#Assign
a default route to each table to send data out the related Interface [C]<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'>ip
route flush table Eth0<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'>ip
route add table Eth0 default via $gwEth0 dev eth0<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'>ip
route flush table Eth1<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'>ip
route add table Eth1 default via $gwEth1 dev eth1<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'>ip
route flush table Eth2<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'>ip
route add table Eth2 default via $gwEth2 dev eth2<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'>#Clear
out old rules<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'>ip
rule show | grep -Ev '^(0|32766|32767):|iif lo' \<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'> |
while read PRIO NATRULE; do<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'>
ip rule del prio ${PRIO%%:*} $( echo $NATRULE | sed 's|all|0/0|' )<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'>done<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'>#We
will fling packets based on the mark on Packet (this is the RPDB) [B]<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'>ip
rule add fwmark 100 table Eth0<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'>ip
rule add fwmark 101 table Eth1<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'>ip
rule add fwmark 102 table Eth2<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'>#Now
we simply mark the packets we want with the mark to the interface [A]<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'>iptables
-F PREROUTING -t mangle<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'>iptables
-I PREROUTING 1 -t mangle -m conntrack --ctorigdst $Eth0 -j MARK --set-mark 100
-m mark --mark 0<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'>iptables
-I PREROUTING 1 -t mangle -m conntrack --ctorigdst $Eth2 -j MARK --set-mark 102
-m mark --mark 0<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Courier New"'><o:p> </o:p></span></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Going
from bottom up, from the perspective of the packet. <o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>A.
Our friendly linux kernel relates every packet moving through it to a
connection defined by the original source and destination + ports. Whether if
its SNATTED, DNATTED or anyting inbetween, If a packet was part of a connection
that was originally destined inbound to Eth0 we mark it with 100. <o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>B.
When it is time to make a routing decision for that packet, the kernel checkes
the RPDB (ip rule) and fling packets marked with 100 out lookup Table Eth0. <o:p></o:p></p>
<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>C.
Routing Table Eth0 will then direct all packets out interface dev eth0. <o:p></o:p></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=section>Fine Tuning Multipath Outbound<o:p></o:p></p>
<p>Route cache is decent in maintaining your "session" out an
interface, but there is a time when you want to maintain that routing decision
yourself. In the middle of a connection, a route cache may expire due to
inactivity or a random gamma particle hitting your box, leaving any future
packet free to choose one of the two available outbound paths. <o:p></o:p></p>
<p>When the route cache expires, you have a fifty-fifty chance of going out the
wrong interface. <o:p></o:p></p>
<p>To fix this the first thing to do is to return our default path out one
interface. <o:p></o:p></p>
<pre>ip route replace default via $gwEth0<o:p></o:p></pre>
<p>Then we create three new routing tables so we can get better control of our
routes. <o:p></o:p></p>
<pre>vi /etc/iproute2/rt_tables<o:p></o:p></pre><pre>-------------------------------<o:p></o:p></pre><pre>#<o:p></o:p></pre><pre># reserved values<o:p></o:p></pre><pre>#<o:p></o:p></pre><pre>255 local<o:p></o:p></pre><pre>254 main<o:p></o:p></pre><pre>253 default<o:p></o:p></pre><pre>0 unspec<o:p></o:p></pre><pre>#<o:p></o:p></pre><pre># local<o:p></o:p></pre><pre>#<o:p></o:p></pre><pre>#1 inr.ruhep<o:p></o:p></pre><pre>#<o:p></o:p></pre><pre>100 Eth0<o:p></o:p></pre><pre>101 Eth1<o:p></o:p></pre><pre>102 Eth2<o:p></o:p></pre><pre># New tables Pref0, Equalize, and Pref2<o:p></o:p></pre><pre>200 Pref0<o:p></o:p></pre><pre>201 Equalize<o:p></o:p></pre><pre>202 Pref2<o:p></o:p></pre><pre>--------------------------------<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>#Assign multipath routes to each table, preferencing a particular interface<o:p></o:p></pre><pre>ip route flush table Pref0<o:p></o:p></pre><pre>ip route add table Pref0 default nexthop via $gwEth0 weight 1 nexthop via $gwEth2 weight 100<o:p></o:p></pre><pre>ip route flush table Equalize<o:p></o:p></pre><pre>ip route add table Equalize equalize default nexthop via $gwEth0 weight 1 nexthop via $gwEth2 weight 1<o:p></o:p></pre><pre>ip route flush table Pref2<o:p></o:p></pre><pre>ip route add table Pref2 default nexthop via $gwEth0 weight 100 nexthop via $gwEth2 weight 1<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>#Add the rules matching marks to lookup tables<o:p></o:p></pre><pre>ip rule add fwmark 200 table Pref0<o:p></o:p></pre><pre>ip rule add fwmark 201 table Equalize<o:p></o:p></pre><pre>ip rule add fwmark 202 table Pref2<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>#Table Pref0 will always send traffic marked with 200 out Eth0, unless Eth0 is down.<o:p></o:p></pre><pre>#Table Equalize will send traffic marked with 201 out both interfaces equally like discussed earlier.<o:p></o:p></pre><pre>#Table Pref2 will always send traffic marked with 202 out Eth2, unless Eth2 is down.<o:p></o:p></pre>
<p>Now we simply mark outbound packets the same way we marked inbound packets.
If you want Joe from internal Host 10.1.1.144 to only use ISP2 then you would
add:<o:p></o:p></p>
<pre>#mark joe with 202 and let ip rule (RPDB) send out Pref2<o:p></o:p></pre><pre>iptables -I PREROUTING 1 -t mangle -s 10.1.1.144 -j MARK --set-mark 202 -m mark --mark 0<o:p></o:p></pre>
<p>If you want to send all mail out ISP1 then you would add:<o:p></o:p></p>
<pre>#mark smtp with 200 and let ip rule (RPDB) send out Pref0<o:p></o:p></pre><pre>iptables -I PREROUTING 1 -t mangle -p tcp --dport 25 -i eth1 -j MARK --set-mark 200 -m mark --mark 0<o:p></o:p></pre>
<p>This packet fling method allows us to fully control what packet and traffic
type goes out what interface. Because classified traffic will be forced out a
particular interface, we do not need to worry about route cache. <o:p></o:p></p>
<p>This leaves us with one routing table that can still cause us problems. The
Equalize table.<o:p></o:p></p>
<p>How do we influence the equalize route choice so that it picks the same
interface it did prior to the clearing of the route cache?<o:p></o:p></p>
<p>The equalize forces the system to randomly pick one of the two nexthop
choices, so the second time it's forced to equalize a route it doesn't know
about it's previous selection.<o:p></o:p></p>
<p>To get this to work properly we need to equalize only the initial connection
packet, remember which way it went and use that same route for all new packets
belonging to the connection. The only way to do this is with the CONNMARK
patch. Here's how.<o:p></o:p></p>
<pre>#mark all packets send out an interface with the proper interface preference mark (if it's been equalized)<o:p></o:p></pre><pre>iptables -I POSTROUTING 1 -t mangle -o eth0 -j MARK --set-mark 200 -m mark --mark 201<o:p></o:p></pre><pre>iptables -I POSTROUTING 1 -t mangle -o eth2 -j MARK --set-mark 202 -m mark --mark 201<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>#the last line in POSTROUTING is the magic statement that stores the mark associated with the connection.<o:p></o:p></pre><pre>iptables -A POSTROUTING -t mangle -j CONNMARK --save-mark <o:p></o:p></pre><pre><o:p> </o:p></pre><pre>#first line in PREROUTING will pull out the existing mark on the connection for the packet<o:p></o:p></pre><pre>iptables -I PREROUTING 1 -t mangle -i eth1 -j CONNMARK --restore-mark<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>#Equalize HTTP Traffic with mark 201<o:p></o:p></pre><pre>iptables -A PREROUTING -t mangle -p tcp --dport 80 -i eth1 -j MARK --set-mark 201 -m mark --mark 0<o:p></o:p></pre>
<p>Here's the packet flow. The first HTTP packet from the internal system will not
be affected by the restore. It will hit the prerouting mangle criteria for
tcp:80 and set the mark to 201. The kernel uses RPDB (ip rule) and lookup the
Equalize table to pick a path. Apon exiting POSTROUTING the mark is set to the
interface it exits from (200) and saved.<o:p></o:p></p>
<p>Pretend route cache is flushed.<o:p></o:p></p>
<p>Any additional HTTP packet from the internal system relating to the previous
connection will hit "restore-mark" and pull back a (200). Because the
mark is not 0, no other marking will occur. The kernel uses RPDB (ip rule) and
lookup the Pref0 table for mark 200 and send it out Eth0 without bothering with
equalize. <o:p></o:p></p>
<p>There you have it. My multipath routing setup in a nutshell.<o:p></o:p></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>
nflug-bounces@nflug.org [mailto:nflug-bounces@nflug.org] <b>On Behalf Of </b>Joshua
Ronne Altemoos<br>
<b>Sent:</b> Friday, October 26, 2007 1:35 PM<br>
<b>To:</b> nflug@nflug.org<br>
<b>Subject:</b> RE: [nflug] Routing Problem that I would love some input on<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>There are advanced routing programs out there like zebra that
should be able to do this for you!<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>
nflug-bounces@nflug.org [mailto:nflug-bounces@nflug.org] <b>On Behalf Of </b>Brad
Bartram<br>
<b>Sent:</b> Thursday, October 25, 2007 6:29 PM<br>
<b>To:</b> nflug@nflug.org<br>
<b>Subject:</b> Re: [nflug] Routing Problem that I would love some input on<o:p></o:p></span></p>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal style='margin-bottom:12.0pt'>Grr, I was hoping there was a
way to do it just using the routing tables. Somehow I had it set in my
brain that there was a way, but I just forgot how to do it. Oh well, I
guess I'll go back to my original idea and just put the apps on different boxes
and not worry about dealing with iptables or any of that jazz. <br>
<br>
Thanks for the responses.<o:p></o:p></p>
<div>
<p class=MsoNormal><span class=gmailquote>On 10/25/07, <b>Robert Wolfe</b> <<a
href="mailto:robertwolfe@localnet.com">robertwolfe@localnet.com</a>> wrote:</span>
<o:p></o:p></p>
<p class=MsoNormal>On Thu, 25 Oct 2007 16:21:41 -0400<br>
"Mark Musone" <<a href="mailto:mmusone@shatterit.com">
mmusone@shatterit.com</a>> wrote:<br>
<br>
> Unfortunately, using standard routing tables, you can't L (I've been down<br>
> this road before)<br>
<br>
Same here, I've just been too busy today to answer the original posting :P <br>
<br>
> It's going to go out your default route. (Remember when we had that
problem<br>
> with one of your customers and we put them on a different network..the<br>
> inbound packets were fine, but the outbound ones went out the original <br>
> provider)<br>
<br>
Yeah, it would be nice if you COULD do what was originally inquired about.<br>
If it were possible in ANY way, I could load balance all my network<br>
traffic without any problems :) (well, without spending loads of
money, <br>
too <G>).<br>
<br>
> The other option is to use iptables..i think you might be able to do some<br>
> dependency routing and send data out specific nic cards (or at least do
some<br>
> header nagling)<br>
<br>
Ugh! There's that nasty word again,
"iptables." Almost as nasty as "vi." :P<br>
<br>
--<br>
Robert Wolfe (<a href="mailto:robertwolfe@localnet.com">robertwolfe@localnet.com</a>)
| Systems Administrator <br>
LocalNet Corp | Williamsville, NY | <a
href="http://www.localnet.com">http://www.localnet.com</a><br>
_______________________________________________<br>
nflug mailing list<br>
<a href="mailto:nflug@nflug.org">nflug@nflug.org </a><br>
<a href="http://www.nflug.org/mailman/listinfo/nflug">http://www.nflug.org/mailman/listinfo/nflug</a><o:p></o:p></p>
</div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
</body>
</html>