From: Jason Hellenthal
Subject: Re: Assign Lookback address 127.0.0.1 to jail
Date: Wed, 11 Jun 2014 17:31:25 -0400
To: "s7r@sky-ip.org"
Cc: "freebsd-jail@freebsd.org"

--
Jason Hellenthal
Voice: 95.30.17.6/616
JJH48-ARIN

> On Jun 11, 2014, at 17:11, "s7r@sky-ip.org" wrote:
>
>> On 6/11/2014 11:56 PM, Jason Hellenthal wrote:
>> Simple.
>>
>> echo 'options VIMAGE' >>/sys/`uname -p`/conf/GENERIC
>> cd /usr/src && make buildkernel && make installkernel
> This is perfectly clear - hope it does not affect the current
> functionality and installed ports on the running machine?
>
>> Make the necessary adjustments to ensure your system is stable as
>> you want it to be during testing and then lock the settings for the
>> jails into the respective configuration files and the host
>> system's /etc/rc.conf for the interfaces you will use.
>>
>> Just an example of my base jail that I use for setting up other
>> jails on the fly...
>>
>> exec.stop = "/bin/sh /etc/rc.shutdown";
>> exec.poststop = "umount /export/cnt/$name/dev";
>> exec.clean;
>>
>> mount.devfs;
>>
>> path = "/export/cnt/$name";
>>
>> allow.raw_sockets;
>> allow.socket_af;
>> vnet = new;
>>
>> base {
>>     host.hostname = base;
>>     vnet.interface = vnet0;
>>     securelevel = 3;
>>     exec.start = "ifconfig vnet0 inet 172.X.X.22/22 broadcast 172.X.X.255";
>>     exec.start += "route add default 172.X.X.1";
>>     exec.start += "/bin/sh /etc/rc";
>> }
> Q1: All this is to be pasted into the jail's /etc/rc.conf file?

That portion is for the jail.conf(5) syntax.

/etc/jail.conf

Possibly ezjail? In /usr/local as well but I'm unfamiliar with ezjail but the above settings in place should take effect globally.

>
> Q2: 172.X.X.22/22 -> I want to assign a public IP address to the jail,
> and a local loopback address.

You won't have to worry about the loopback as that will be automatically configured since it will now have its own virtual network stack. And its very own lo0 interface.

The public IP space you can just change that 172 class B to whatever you need in the jail.conf to set that for every time the jail starts.

>
> Q3: route add default - this is the default router? this should be the
> host's public IP address or the IP address of the gateway assigned by
> my ISP?

If I'm understanding that correctly yes.
Think of this now as its own entity with its own network stack. You're just configuring it just like you would if you were setting up an actual additional machine on your network.

>
>> And in my system's rc.conf...
>> ifconfig_interface0_name="vnet0"
> No IP address here or alias for vnet0? In host's /etc/rc.conf? Just
> interface0_name="vnet0"? Shouldn't interface0 be em0, the default
> interface of the host? Shouldn't that come first?
>
>> I actually give my base template jail a full actual interface to
>> work with so I can segment it off on the network at the switch
>> level and drop it into another management vlan. But the
>> configuration is simple and similar to other interfaces virtual or
>> not like if_epair(4).
>>
>> The rest of the jail configuration as in rc.conf and such within
>> the jail is the same as if it was not a VIMAGE so you should
>> already be aware of those details so I won't rattle on with those.
>> But if you have any specific questions about this as you move
>> through setting up VIMAGE jails feel free to give me a holler
>> directly or back to this list and I'll be happy to give you a hand.
>>
>> On Wed, Jun 11, 2014 at 3:53 PM, s7r@sky-ip.org wrote:
>>
>>> On 6/11/2014 4:46 AM, Jason Hellenthal wrote:
>>> You could just go with building the host kernel with VIMAGE . . .
>>> Then each jail has its own virtual network stack.
>>
>>> -- Jason Hellenthal Voice: 95.30.17.6/616
>>> JJH48-ARIN
>>
>>> On Jun 10, 2014, at 21:19, "s7r@sky-ip.org" wrote:
>>
>>> On 6/11/2014 3:28 AM, Allan Jude wrote:
>>>>>> On 2014-06-10 20:23, s7r@sky-ip.org wrote:
>>>>>>>> On 6/11/2014 3:20 AM, Allan Jude wrote:
>>>>>>>> On 2014-06-10 20:07, s7r@sky-ip.org wrote:
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> Operating system is FreeBSD 10.0 64 Bit
>>>>>>>>>
>>>>>>>>> I have installed ezjail from ports and properly
>>>>>>>>> configured a jail with its own static and dedicated
>>>>>>>>> IP address. Everything works good, it's just that I
>>>>>>>>> have an application which requires to talk to another
>>>>>>>>> one via RPC on IP 127.0.0.1, and I have noticed the
>>>>>>>>> jail does not have a lo0 interface or localhost
>>>>>>>>> 127.0.0.1 IP address.
>>>>>>>>>
>>>>>>>>> This is bad because the application has no choice
>>>>>>>>> but to bind to the public IP address assigned to the
>>>>>>>>> jail, and it's not safe.
>>>>>>>>>
>>>>>>>>> How can I add a lo0 interface with IP 127.0.0.1 to a
>>>>>>>>> jail?
>>>>>>>>>
>>>>>>>>> Thanks in advance.
>>>>>>>>> _______________________________________________
>>>>>>>>> freebsd-jail@freebsd.org mailing list
>>>>>>>>> http://lists.freebsd.org/mailman/listinfo/freebsd-jail
>>>>>>>>> To unsubscribe, send any mail to
>>>>>>>>> "freebsd-jail-unsubscribe@freebsd.org"
>>>>>>>
>>>>>>>> Does it have to be 127.0.0.1? You can add an alias
>>>>>>>> like 127.0.0.2 to the lo0 interface and use that.
>>>>>>>
>>>>>>>> Inside the jail, 127.0.0.1 is mapped to the IP of the
>>>>>>>> jail.
>>>>>>>
>>>>>>>> Using ezjail, you can also allocate more than 1 IP
>>>>>>>> address to a jail by comma separating them
>>>>>>>
>>>>>>>> You can also make it automatically alias the IPs for
>>>>>>>> you with the syntax:
>>>>>>>
>>>>>>>> em0|192.168.0.10,lo0|127.0.0.2 etc
>>>>>>>
>>>>>>> Thank you Allan for your fast reply.
>>>>>>>
>>>>>>> I have the jail already created via: # ezjail-admin
>>>>>>> create
>>>>>>>
>>>>>>> How do I modify the already existing jail to have
>>>>>>> 127.0.0.2, for example, or can't I just have 127.0.0.1
>>>>>>> in the jail?
>>>>>>
>>>>>> Stop the jail, and then edit
>>>>>> /usr/local/etc/ezjail/jail_name
>>>>>>
>>>>>> and change the line that defines the IPs
>>
>>> Thank you it works, with 127.0.0.2
>>
>>> If I try to add 127.0.0.1 will this create any conflicts with
>>> the host or will it work? Because I have something important
>>> listening on host's 127.0.0.1 and don't want to mess up. I would
>>> need the same configuration within the jail also, so that's why I
>>> need the .1 localhost IP.
>>
>> Hey Jason
>>
>> Thanks for your suggestion. Can you please elaborate a little bit
>> and tell me how can I do this step by step?
>> I have an already
>> installed system with ezjail and already created one jail - how can
>> I add VIMAGE to have virtual network stack in each jail without
>> having to reinstall the host or the jails? Thank you, looking
>> forward for your reply.
> Thank you.
> --
> s7r
> PGP Fingerprint: 7C36 9232 5ABD FB0B 3021 03F1 837F A52C 8126 5B11
> PGP Pubkey: http://www.sky-ip.org/s7r@sky-ip.org.asc