How do I force VPN user traffic to go through SOCKS5 proxy?
I have a Raspberry Pi which establishes an SSH proxy to a remote server (VPS) and opens a port on the Pi so I can use it as a SOCKS proxy. This is the command I use to establish the tunnel:
ssh -D 1080 -f -C -q -N user@hostname
This shows you how it is supposed to work:
 ______________________________
|                              |
|            Client            |
|______________________________|
               |
               | L2TP over IPsec
 ______________|_______________    __
|                              |     |
|     VPN (192.168.1.XXX)      |     |
|______________________________|     |
 ______________|_______________      |- Raspberry Pi
|                              |     |
|   SOCKS5 (127.0.0.1:1080)    |     |
|______________________________|   __|
               |
               | SSH tunnel
 ______________|_______________
|                              |
|       VPS (Amazon EC2)       |
|______________________________|
               |
              /
             /
       the internet
These are my iptables rules:
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# NAT the L2TP/IPsec (ppp) client pool and the IPsec-only pool out of eth*
-A POSTROUTING -s 192.168.42.0/24 -o eth+ -j MASQUERADE
-A POSTROUTING -s 192.168.43.0/24 -o eth+ -m policy --dir out --pol none -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# L2TP (UDP 1701) is accepted only when it arrives inside IPsec
-A INPUT -p udp -m udp --dport 1701 -m policy --dir in --pol none -j DROP
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# IKE and NAT-T
-A INPUT -p udp -m multiport --dports 500,4500 -j ACCEPT
-A INPUT -p udp -m udp --dport 1701 -m policy --dir in --pol ipsec -j ACCEPT
-A INPUT -p udp -m udp --dport 1701 -j DROP
-A FORWARD -m conntrack --ctstate INVALID -j DROP
# return traffic to ppp clients, and anything the ppp clients send out via eth*
-A FORWARD -i eth+ -o ppp+ -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i ppp+ -o eth+ -j ACCEPT
# client-to-client inside the ppp pool
-A FORWARD -s 192.168.42.0/24 -d 192.168.42.0/24 -i ppp+ -o ppp+ -j ACCEPT
# the same two directions for the 192.168.43.0/24 pool
-A FORWARD -d 192.168.43.0/24 -i eth+ -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.43.0/24 -o eth+ -j ACCEPT
-A FORWARD -j DROP
COMMIT
The script "setup-ipsec-vpn" was used to make the VPN.
So my question is: how can I change these iptables rules to drop all of the VPN clients' outbound packets unless they are using the SOCKS5 proxy on the Raspberry Pi (:1080)?
ssh iptables vpn firewall proxy
edited Apr 9 '17 at 12:33 by user3573987
asked Apr 9 '17 at 12:17 by user3573987
1 Answer
The answer depends in part on whether you will configure your clients.
In other words, do you intend for the SOCKS proxy to be explicit, or transparent?
If you can configure your client apps to use an explicit proxy, then it should be simple enough (although you may want to have your SOCKS listen on the VPN interface - or create a DNAT rule).
-A INPUT -s 192.168.1.0/24 -d 192.168.1.1 -m tcp -p tcp --dport 1080 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -j DROP
-A FORWARD -s 192.168.1.0/24 -j DROP
If you wanted to have a transparent proxy, I think it may be worth considering introducing haproxy.
This haproxy blog post provides an overview of how to set up transparent binding, which sounds like it might work for your use case.
You may in that case find it easier to have SSH in tunnel mode rather than SOCKS (or add another VPN connection between Pi and gateway).
The specific rule causing your 'issue' right now is, I think, this one:
-A FORWARD -i ppp+ -o eth+ -j ACCEPT
More generally, it seems as though you might want to rewrite your firewall rules to achieve what you want.
edited Apr 9 '17 at 13:08
answered Apr 9 '17 at 12:43 by iwaseatenbyagrue
The SOCKS proxy is explicit and defined in the VPN profiles for the clients. However, if the proxy is down, it ignores it and just uses the RaspberryPi's connection. I want to stop that from happening. If the proxy is down, their requests should not go anywhere.
– user3573987
Apr 9 '17 at 12:57
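As an added example (not code from the question or from the answer), the POSIX shell script below turns the answer's "ACCEPT the SOCKS port, DROP the rest" idea into rules that are inserted ahead of the permissive `-A FORWARD -i ppp+ -o eth+ -j ACCEPT` from the posted dump, so that the clients fail closed when the SSH tunnel is down, which is what the comment asks for. Assumptions that the page does not state: the client pool is the L2TP/IPsec range 192.168.42.0/24 arriving on ppp+ (taken from the posted iptables-save dump rather than from the diagram's 192.168.1.XXX), the Pi's own address inside that pool is 192.168.42.1, the SOCKS listener is re-bound to 0.0.0.0 instead of 127.0.0.1 so that it is reachable on that address, and `user@hostname` is the placeholder from the question.

```shell
#!/bin/sh
# Added example, not code from the question or the answer.
# Pin VPN clients to the Pi's SOCKS5 listener: ACCEPT only TCP to the SOCKS
# port on the Pi's VPN address, DROP everything else the pool sends, and put
# those rules ahead of "-A FORWARD -i ppp+ -o eth+ -j ACCEPT" from the dump.
#
# Assumptions (not stated on the page): the client pool is the L2TP/IPsec
# range 192.168.42.0/24 on ppp+ (from the posted iptables-save dump), the Pi
# is 192.168.42.1 inside it, and the listener is started by socks_cmd below
# on 0.0.0.0 so that address is reachable. Override via the environment.
VPN_NET="${VPN_NET:-192.168.42.0/24}"
VPN_GW="${VPN_GW:-192.168.42.1}"
VPN_IF="${VPN_IF:-ppp+}"
SOCKS_PORT="${SOCKS_PORT:-1080}"
SSH_TARGET="${SSH_TARGET:-user@hostname}"   # placeholder from the question

# Same tunnel as in the question, but bound to all addresses instead of
# 127.0.0.1; the INPUT rules below decide who may actually reach it.
socks_cmd() {
  printf 'ssh -D 0.0.0.0:%s -f -C -q -N %s\n' "$SOCKS_PORT" "$SSH_TARGET"
}

# Rules in iptables-restore syntax. "-I <chain> <n>" places them in front of
# what setup-ipsec-vpn installed. Order matters: the clients' already
# established SOCKS connections must be accepted before the catch-all DROP.
# INPUT 4 keeps the now non-loopback listener away from eth*/wlan* peers;
# ppp+ traffic never reaches it because INPUT 1-3 already decided its fate.
gen_rules() {
  cat <<EOF
*filter
-I INPUT 1 -i ${VPN_IF} -s ${VPN_NET} -d ${VPN_GW} -p tcp --dport ${SOCKS_PORT} -m conntrack --ctstate NEW -j ACCEPT
-I INPUT 2 -i ${VPN_IF} -s ${VPN_NET} -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-I INPUT 3 -i ${VPN_IF} -s ${VPN_NET} -j DROP
-I INPUT 4 ! -i lo -p tcp --dport ${SOCKS_PORT} -j DROP
-I FORWARD 1 -i ${VPN_IF} -s ${VPN_NET} -j DROP
COMMIT
EOF
}

# 1-based line number of the first generated line containing $1, or 0.
rule_pos() {
  gen_rules | awk -v pat="$1" \
    'index($0, pat) { print NR; found = 1; exit } END { if (!found) print 0 }'
}

# Ordering check on the generated text before anything touches the kernel:
# the ESTABLISHED accept must precede the pool-wide DROP, and the FORWARD
# drop must be present. Returns 0 when the rule set is consistent.
check_order() {
  est=$(rule_pos 'RELATED,ESTABLISHED')
  drop=$(rule_pos "-s ${VPN_NET} -j DROP")
  fwd=$(rule_pos "-I FORWARD 1 -i ${VPN_IF} -s ${VPN_NET} -j DROP")
  [ "$est" -gt 0 ] && [ "$drop" -gt "$est" ] && [ "$fwd" -gt 0 ]
}

# Load without flushing what is already there (needs root), then confirm the
# FORWARD drop landed with iptables -C, which exits non-zero if it is missing.
apply_rules() {
  gen_rules | iptables-restore --noflush &&
    iptables -C FORWARD -i "$VPN_IF" -s "$VPN_NET" -j DROP
}

case "${1:-}" in
  show)  socks_cmd; gen_rules ;;
  apply) check_order && apply_rules ;;
esac
```

`sh force-socks.sh show` prints the ssh command and the rules; `sudo sh force-socks.sh apply` loads them. The fail-closed behaviour comes for free: when the ssh process dies nothing listens on the port, the client's SYN is still accepted by INPUT 1 but answered with a TCP RST by the kernel, and every other packet from the pool hits the DROP in INPUT 3 or FORWARD 1, so there is no path around the proxy. Two caveats: clients that resolve DNS through the Pi lose name resolution, so the SOCKS client has to resolve hostnames remotely (SOCKS5 with proxy-side DNS); and the 192.168.43.0/24 pool from the dump is untouched, since those packets arrive on eth+ inside IPsec rather than on ppp+ and would need equivalent rules keyed on `-m policy --dir in --pol ipsec`. Re-run `apply` after anything that rewrites the tables, because the explicit positions only mean something relative to the rules present at load time.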