如何在 Vagrant 中将 Ubuntu 配置为路由器
How to configure Ubuntu as router in Vagrant
我正在尝试使用 Vagrant 配置一个简单的网络结构,如下图所示:
如您所见,我旨在模拟从 attacker
到 router
并达到 victim
的黑客攻击,但这对我正在努力解决的问题并不重要.
到目前为止,这是我的 Vagrantfile(VritualBox 用作提供程序):
Vagrant.configure("2") do |config|
config.vm.define "router" do |router|
router.vm.box = "hashicorp/bionic64"
router.vm.network "private_network", ip: "192.168.232.1"
router.vm.network "private_network", ip: "192.168.248.1"
router.vm.provision "shell", inline: <<-SHELL
sudo apt-get install traceroute
echo -e "\nnet.ipv4.ip_forward=1" >> /etc/sysctl.conf
SHELL
router.vm.provision :reload
end
config.vm.define "attacker" do |attacker|
attacker.vm.box = "hashicorp/bionic64"
attacker.vm.network "private_network", ip: "192.168.232.2"
attacker.vm.provision "shell",
inline: "sudo apt-get install traceroute"
attacker.vm.provision "shell",
run: "always",
inline: "sudo route add default gw 192.168.232.1"
end
config.vm.define "victim" do |victim|
victim.vm.box = "hashicorp/bionic64"
victim.vm.network "private_network", ip: "192.168.248.2"
victim.vm.provision "shell",
inline: "sudo apt-get install traceroute"
victim.vm.provision "shell",
run: "always",
inline: "sudo route add default gw 192.168.248.1"
end
end
请注意,我使用的是 vagrant-reload
插件,因此您必须在执行 vagrant up
之前安装它
vagrant plugin install vagrant-reload
Vagrantfile 的作用:
- 在
router
机器中将 net.ipv4.ip_forward
设置为 1
- 将默认网关 192.168.232.1 添加到
attacker
机器
- 将默认网关 192.168.248.1 添加到
victim
机器
只是为了确认启用 net.ipv4.ip_forward
对 router
有效:
$ cat /proc/sys/net/ipv4/ip_forward
1
不幸的是,我无法让它工作。当我尝试从 attacker
机器上 ping 192.168.248.2
时,我没有得到任何回应。 traceroute
的输出似乎正在通过 router
机器,但它卡在那里,永远不会到达 victim
:
traceroute to 192.168.248.2 (192.168.248.2), 30 hops max, 60 byte packets
1 legion (192.168.232.1) 0.300 ms 0.454 ms 0.439 ms
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
attacker
机器上 netstat -r
的输出:
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
default legion 0.0.0.0 UG 0 0 0 eth1
default _gateway 0.0.0.0 UG 0 0 0 eth0
10.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
_gateway 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
192.168.232.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
我不知道为什么我添加的新网关被命名为 legion
,但我认为它以某种方式从我的笔记本电脑主机名中获取(它是 Lenovo Legion,命名为 legion
)。
victim
机器上 netstat -r
的输出:
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
default legion 0.0.0.0 UG 0 0 0 eth1
default _gateway 0.0.0.0 UG 0 0 0 eth0
10.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
_gateway 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
192.168.248.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
router
机器上 netstat -r
的输出:
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
default _gateway 0.0.0.0 UG 0 0 0 eth0
10.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
_gateway 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
192.168.232.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.248.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
attacker
机器上 ifconfig
的输出:
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.2.15 netmask 255.255.255.0 broadcast 10.0.2.255
inet6 fe80::a00:27ff:febb:1475 prefixlen 64 scopeid 0x20<link>
ether 08:00:27:bb:14:75 txqueuelen 1000 (Ethernet)
RX packets 1271 bytes 129981 (129.9 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 926 bytes 141073 (141.0 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.232.2 netmask 255.255.255.0 broadcast 192.168.232.255
inet6 fe80::a00:27ff:fe5f:4829 prefixlen 64 scopeid 0x20<link>
ether 08:00:27:5f:48:29 txqueuelen 1000 (Ethernet)
RX packets 20 bytes 1704 (1.7 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 137 bytes 10188 (10.1 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 16 bytes 1628 (1.6 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 16 bytes 1628 (1.6 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ifconfig
在 victim
机器上的输出:
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.2.15 netmask 255.255.255.0 broadcast 10.0.2.255
inet6 fe80::a00:27ff:febb:1475 prefixlen 64 scopeid 0x20<link>
ether 08:00:27:bb:14:75 txqueuelen 1000 (Ethernet)
RX packets 973 bytes 101812 (101.8 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 725 bytes 111966 (111.9 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.248.2 netmask 255.255.255.0 broadcast 192.168.248.255
inet6 fe80::a00:27ff:fe98:9693 prefixlen 64 scopeid 0x20<link>
ether 08:00:27:98:96:93 txqueuelen 1000 (Ethernet)
RX packets 6 bytes 486 (486.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 38 bytes 2812 (2.8 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 44 bytes 3574 (3.5 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 44 bytes 3574 (3.5 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ifconfig
在 router
机器上的输出:
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.2.15 netmask 255.255.255.0 broadcast 10.0.2.255
inet6 fe80::a00:27ff:febb:1475 prefixlen 64 scopeid 0x20<link>
ether 08:00:27:bb:14:75 txqueuelen 1000 (Ethernet)
RX packets 1866 bytes 164707 (164.7 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1301 bytes 165459 (165.4 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.232.1 netmask 255.255.255.0 broadcast 192.168.232.255
inet6 fe80::a00:27ff:fe90:2720 prefixlen 64 scopeid 0x20<link>
ether 08:00:27:90:27:20 txqueuelen 1000 (Ethernet)
RX packets 1 bytes 60 (60.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 34 bytes 2466 (2.4 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.248.1 netmask 255.255.255.0 broadcast 192.168.248.255
inet6 fe80::a00:27ff:fe3b:238b prefixlen 64 scopeid 0x20<link>
ether 08:00:27:3b:23:8b txqueuelen 1000 (Ethernet)
RX packets 2 bytes 120 (120.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 34 bytes 2466 (2.4 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 10 bytes 714 (714.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 10 bytes 714 (714.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
您对这里可能出现的问题有什么想法吗?也许我遗漏了一些明显的东西。
您在 victim
和 attacker
上有一个名为 _gateway
的冗余默认网关。您应该删除它,只留下通过 eth1
接口连接到路由器的那个。
虽然 @thejazzroot
的回答清楚地指出了我问题的根本原因,但这并不是我必须做的所有事情才能使其正常工作。出于某种原因,我无法从 attacker
ping victim
(反之亦然),直到我从 router
.
ping 了其中一台机器。
这很奇怪。为什么网络只有在机器相互 ping 后才能开始工作?现在我找到了答案:vagrant
在每个子网中自动为主机分配 .1
IP(所以在我的例子中是 192.168.232.1
和 192.168.248.1
)。不幸的是,这些 IP 与我分配给 router
VM 的 IP 完全相同,attacker
/victim
机器已设置为它们的网关!因此,有 2 台机器分配了完全相同的 IP,似乎当从 router
ping attacker
/victim
时,它以某种方式选择了 router
而不是 legion
.现在,legion
名称在 netstat -r
.
输出中的来源也很有意义
TL;DR
我更改了两个子网中的 router
IP,因为与 vagrant
自动分配给主机的 IP 发生冲突:
192.168.232.1 -> 192.168.232.10
192.168.248.1 -> 192.168.248.10
如果有人正在寻找完整的解决方案,我将在此处发布我最终的 Vagrantfile:
Vagrant.configure("2") do |config|
config.vm.define "attacker" do |attacker|
attacker.vm.box = "hashicorp/bionic64"
attacker.vm.network "private_network", ip: "192.168.232.2"
attacker.vm.provision "shell",
run: "always",
inline: <<-SHELL
ip route delete default
ip route add default via 192.168.232.1
SHELL
end
config.vm.define "victim" do |victim|
victim.vm.box = "hashicorp/bionic64"
victim.vm.network "private_network", ip: "192.168.248.2"
victim.vm.provision "shell",
run: "always",
inline: <<-SHELL
ip route delete default
ip route add default via 192.168.248.1
SHELL
end
config.vm.define "router" do |router|
router.vm.box = "hashicorp/bionic64"
router.vm.network "private_network", ip: "192.168.232.1"
router.vm.network "private_network", ip: "192.168.248.1"
router.vm.provision "shell",
inline: <<-SHELL
echo -e "\nnet.ipv4.ip_forward=1" >> /etc/sysctl.conf
sysctl -p
SHELL
end
end
我正在尝试使用 Vagrant 配置一个简单的网络结构,如下图所示:
如您所见,我旨在模拟从 attacker
到 router
并达到 victim
的黑客攻击,但这对我正在努力解决的问题并不重要.
到目前为止,这是我的 Vagrantfile(VritualBox 用作提供程序):
Vagrant.configure("2") do |config|
config.vm.define "router" do |router|
router.vm.box = "hashicorp/bionic64"
router.vm.network "private_network", ip: "192.168.232.1"
router.vm.network "private_network", ip: "192.168.248.1"
router.vm.provision "shell", inline: <<-SHELL
sudo apt-get install traceroute
echo -e "\nnet.ipv4.ip_forward=1" >> /etc/sysctl.conf
SHELL
router.vm.provision :reload
end
config.vm.define "attacker" do |attacker|
attacker.vm.box = "hashicorp/bionic64"
attacker.vm.network "private_network", ip: "192.168.232.2"
attacker.vm.provision "shell",
inline: "sudo apt-get install traceroute"
attacker.vm.provision "shell",
run: "always",
inline: "sudo route add default gw 192.168.232.1"
end
config.vm.define "victim" do |victim|
victim.vm.box = "hashicorp/bionic64"
victim.vm.network "private_network", ip: "192.168.248.2"
victim.vm.provision "shell",
inline: "sudo apt-get install traceroute"
victim.vm.provision "shell",
run: "always",
inline: "sudo route add default gw 192.168.248.1"
end
end
请注意,我使用的是 vagrant-reload
插件,因此您必须在执行 vagrant up
vagrant plugin install vagrant-reload
Vagrantfile 的作用:
- 在
router
机器中将net.ipv4.ip_forward
设置为1
- 将默认网关 192.168.232.1 添加到
attacker
机器 - 将默认网关 192.168.248.1 添加到
victim
机器
只是为了确认启用 net.ipv4.ip_forward
对 router
有效:
$ cat /proc/sys/net/ipv4/ip_forward
1
不幸的是,我无法让它工作。当我尝试从 attacker
机器上 ping 192.168.248.2
时,我没有得到任何回应。 traceroute
的输出似乎正在通过 router
机器,但它卡在那里,永远不会到达 victim
:
traceroute to 192.168.248.2 (192.168.248.2), 30 hops max, 60 byte packets
1 legion (192.168.232.1) 0.300 ms 0.454 ms 0.439 ms
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
attacker
机器上 netstat -r
的输出:
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
default legion 0.0.0.0 UG 0 0 0 eth1
default _gateway 0.0.0.0 UG 0 0 0 eth0
10.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
_gateway 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
192.168.232.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
我不知道为什么我添加的新网关被命名为 legion
,但我认为它以某种方式从我的笔记本电脑主机名中获取(它是 Lenovo Legion,命名为 legion
)。
victim
机器上 netstat -r
的输出:
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
default legion 0.0.0.0 UG 0 0 0 eth1
default _gateway 0.0.0.0 UG 0 0 0 eth0
10.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
_gateway 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
192.168.248.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
router
机器上 netstat -r
的输出:
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
default _gateway 0.0.0.0 UG 0 0 0 eth0
10.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
_gateway 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
192.168.232.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.248.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
attacker
机器上 ifconfig
的输出:
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.2.15 netmask 255.255.255.0 broadcast 10.0.2.255
inet6 fe80::a00:27ff:febb:1475 prefixlen 64 scopeid 0x20<link>
ether 08:00:27:bb:14:75 txqueuelen 1000 (Ethernet)
RX packets 1271 bytes 129981 (129.9 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 926 bytes 141073 (141.0 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.232.2 netmask 255.255.255.0 broadcast 192.168.232.255
inet6 fe80::a00:27ff:fe5f:4829 prefixlen 64 scopeid 0x20<link>
ether 08:00:27:5f:48:29 txqueuelen 1000 (Ethernet)
RX packets 20 bytes 1704 (1.7 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 137 bytes 10188 (10.1 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 16 bytes 1628 (1.6 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 16 bytes 1628 (1.6 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ifconfig
在 victim
机器上的输出:
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.2.15 netmask 255.255.255.0 broadcast 10.0.2.255
inet6 fe80::a00:27ff:febb:1475 prefixlen 64 scopeid 0x20<link>
ether 08:00:27:bb:14:75 txqueuelen 1000 (Ethernet)
RX packets 973 bytes 101812 (101.8 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 725 bytes 111966 (111.9 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.248.2 netmask 255.255.255.0 broadcast 192.168.248.255
inet6 fe80::a00:27ff:fe98:9693 prefixlen 64 scopeid 0x20<link>
ether 08:00:27:98:96:93 txqueuelen 1000 (Ethernet)
RX packets 6 bytes 486 (486.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 38 bytes 2812 (2.8 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 44 bytes 3574 (3.5 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 44 bytes 3574 (3.5 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ifconfig
在 router
机器上的输出:
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.2.15 netmask 255.255.255.0 broadcast 10.0.2.255
inet6 fe80::a00:27ff:febb:1475 prefixlen 64 scopeid 0x20<link>
ether 08:00:27:bb:14:75 txqueuelen 1000 (Ethernet)
RX packets 1866 bytes 164707 (164.7 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1301 bytes 165459 (165.4 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.232.1 netmask 255.255.255.0 broadcast 192.168.232.255
inet6 fe80::a00:27ff:fe90:2720 prefixlen 64 scopeid 0x20<link>
ether 08:00:27:90:27:20 txqueuelen 1000 (Ethernet)
RX packets 1 bytes 60 (60.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 34 bytes 2466 (2.4 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.248.1 netmask 255.255.255.0 broadcast 192.168.248.255
inet6 fe80::a00:27ff:fe3b:238b prefixlen 64 scopeid 0x20<link>
ether 08:00:27:3b:23:8b txqueuelen 1000 (Ethernet)
RX packets 2 bytes 120 (120.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 34 bytes 2466 (2.4 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 10 bytes 714 (714.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 10 bytes 714 (714.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
您对这里可能出现的问题有什么想法吗?也许我遗漏了一些明显的东西。
您在 victim
和 attacker
上有一个名为 _gateway
的冗余默认网关。您应该删除它,只留下通过 eth1
接口连接到路由器的那个。
虽然 @thejazzroot
的回答清楚地指出了我问题的根本原因,但这并不是我必须做的所有事情才能使其正常工作。出于某种原因,我无法从 attacker
ping victim
(反之亦然),直到我从 router
.
这很奇怪。为什么网络只有在机器相互 ping 后才能开始工作?现在我找到了答案:vagrant
在每个子网中自动为主机分配 .1
IP(所以在我的例子中是 192.168.232.1
和 192.168.248.1
)。不幸的是,这些 IP 与我分配给 router
VM 的 IP 完全相同,attacker
/victim
机器已设置为它们的网关!因此,有 2 台机器分配了完全相同的 IP,似乎当从 router
ping attacker
/victim
时,它以某种方式选择了 router
而不是 legion
.现在,legion
名称在 netstat -r
.
TL;DR
我更改了两个子网中的 router
IP,因为与 vagrant
自动分配给主机的 IP 发生冲突:
192.168.232.1 -> 192.168.232.10
192.168.248.1 -> 192.168.248.10
如果有人正在寻找完整的解决方案,我将在此处发布我最终的 Vagrantfile:
Vagrant.configure("2") do |config|
config.vm.define "attacker" do |attacker|
attacker.vm.box = "hashicorp/bionic64"
attacker.vm.network "private_network", ip: "192.168.232.2"
attacker.vm.provision "shell",
run: "always",
inline: <<-SHELL
ip route delete default
ip route add default via 192.168.232.1
SHELL
end
config.vm.define "victim" do |victim|
victim.vm.box = "hashicorp/bionic64"
victim.vm.network "private_network", ip: "192.168.248.2"
victim.vm.provision "shell",
run: "always",
inline: <<-SHELL
ip route delete default
ip route add default via 192.168.248.1
SHELL
end
config.vm.define "router" do |router|
router.vm.box = "hashicorp/bionic64"
router.vm.network "private_network", ip: "192.168.232.1"
router.vm.network "private_network", ip: "192.168.248.1"
router.vm.provision "shell",
inline: <<-SHELL
echo -e "\nnet.ipv4.ip_forward=1" >> /etc/sysctl.conf
sysctl -p
SHELL
end
end