[{"data":1,"prerenderedAt":508},["ShallowReactive",2],{"Categories":3,"NavIndexCategoriesCountFooter":203,"content-\u002F2008\u002F04\u002F05\u002Fbuilding-a-debian-firewall-on-a-cf-card\u002F":204},[4,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,68,70,71,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202],{"category":5},"System Administration",{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":27},"Software Development",{"category":5},{"category":5},{"category":5},{"category":5},{"category":27},{"category":27},{"category":5},{"category":5},{"category":5},{"category":27},{"category":5},{"category":5},{"category":5},{"category":27},{"category":27},{"category":27},{"category":27},{"category":5},{"category":5},{"category":5},{"category":27},{"category":27},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":27},{"category":5},{"category":5},{"category":27},{"category":27},{"category":27},{"category":27},{"category":5},{"category":27},{"category":27},{"category":67},"Drones & RC",{"category":69},"DIY 
Projects",{"category":67},{"category":72},"Photography",{"category":69},{"category":69},{"category":69},{"category":67},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":67},{"category":69},{"category":69},{"category":67},{"category":67},{"category":72},{"category":72},{"category":72},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":5},{"category":5},{"category":72},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":5},{"category":67},{"category":67},{"category":72},{"category":72},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":72},{"category":67},{"category":138},"3D Printing - Laser Cutting - CNC",{"category":138},{"category":138},{"category":138},{"category":138},{"category":138},{"category":138},{"category":138},{"category":138},{"category":138},{"category":138},{"category":138},{"category":5},{"category":138},{"category":27},{"category":27},{"category":138},{"category":138},{"category":72},{"category":158},"Photography,3D Printing - Laser Cutting - CNC",{"category":27},{"category":27},{"category":69},{"category":27},{"category":27},{"category":27},{"category":27},{"category":5},{"category":67},{"category":5},{"category":5},{"category":27},{"category":27},{"category":27},{"category":27},{"category":27},{"category":69},{"category":27},{"category":27},{"category":27},{"category":27},{"category":181},"Home 
Assistant",{"category":181},{"category":72},{"category":27},{"category":27},{"category":72},{"category":138},{"category":5},{"category":72},{"category":72},{"category":138},{"category":27},{"category":181},{"category":181},{"category":72},{"category":72},{"category":72},{"category":72},{"category":72},{"category":72},{"category":72},{"category":72},191,{"id":205,"title":206,"body":207,"category":5,"date":489,"description":213,"embedImage":490,"extension":491,"image":490,"intro":490,"meta":492,"navigation":493,"path":494,"seo":495,"series":490,"sitemap":496,"stem":497,"tags":498,"__hash__":507},"content\u002F2008\u002F04\u002F05\u002Fbuilding-a-debian-firewall-on-a-cf-card.md","Building a debian firewall on a CF card",{"type":208,"value":209,"toc":486},"minimark",[210,214,217,220,223,226,246,249,257,263,274,280,285,291,294,299,302,308,311,314,319,322,327,332,338,341,346,349,352,358,363,366,369,374,380,385,391,394,399,405,408,413,416,419,424,430,433,438,444,449,452,455,458,463,475,480],[211,212,213],"p",{},"I currently have an OpenBSD firewall running on an ancient 586. 
I have a mini-itx board, CF\u002FIDE converter and a CF card and have been intending to upgrade.",[211,215,216],{},"However - rather than OpenBSD I'm going to try for debian (since I know that much better).",[211,218,219],{},"This post will end up being a \"how I did it\" - but at the moment it is just a collection of the notes I'm grabbing for now.",[211,221,222],{},"For the initial install - I hung a CD-ROM as the slave IDE unit on the primary IDE channel.",[211,224,225],{},"I used the 4.0r3 etch netinst CD downloaded from debian.org.",[211,227,228,229,239,240,245],{},"Install went smoothly once I replaced the CF-IDE converter with a ",[230,231,238],"a",{"href":232,"rel":233,"target":237},"http:\u002F\u002Fwww.komplett.no\u002Fk\u002Fki.aspx?sku=339710",[234,235,236],"nofollow","noopener","noreferrer","_blank","newer one that supported DMA"," (the newer CF card was DMA compatible) as I simply could not get the installer to disable DMA. However - see ",[230,241,244],{"href":242,"rel":243,"target":237},"http:\u002F\u002Fbugs.debian.org\u002Fcgi-bin\u002Fbugreport.cgi?bug=475223",[234,235,236],"Debian bug 475223"," for information on how you could actually do that.",[211,247,248],{},"###Disk Mounting",[211,250,251,252,256],{},"From ",[230,253,254],{"href":254,"rel":255,"target":237},"http:\u002F\u002Fwww.debian-administration.org\u002Farticles\u002F179",[234,235,236]," I got a starter fstab and the hint about mtab. 
Here's the versions I ended up with:",[211,258,259],{},[260,261,262],"strong",{},"\u002Fetc\u002Ffstab",[264,265,270],"pre",{"className":266,"code":268,"language":269},[267],"language-text","proc            \u002Fproc           proc    defaults        0       0\n\u002Fdev\u002Fhda1   \u002F               ext2    noatime,errors=remount-ro 0       1\ntmpfs          \u002Fetc\u002Fnetwork\u002Frun tmpfs defaults,noatime                   0 0\ntmpfs          \u002Ftmp           tmpfs   defaults,noatime                   0 0\ntmpfs          \u002Fvar\u002Flock      tmpfs   defaults,noatime                   0 0\ntmpfs          \u002Fvar\u002Flog       tmpfs   defaults,noatime                   0 0\ntmpfs          \u002Fvar\u002Frun       tmpfs   defaults,noatime                   0 0\ntmpfs          \u002Fvar\u002Ftmp       tmpfs   defaults,noatime                   0 0\n","text",[271,272,268],"code",{"__ignoreMap":273},"",[211,275,276],{},[277,278,279],"em",{},"Warning: By mounting \u002Fvar\u002Flog on tmpfs, logs will only be available for the current session.",[211,281,282],{},[260,283,284],{},"\u002Fetc\u002Fmtab",[264,286,289],{"className":287,"code":288,"language":269},[267],"rm -f \u002Fetc\u002Fmtab\nln -s \u002Fproc\u002Fmounts \u002Fetc\u002Fmtab\n",[271,290,288],{"__ignoreMap":273},[211,292,293],{},"###Network",[211,295,296],{},[260,297,298],{},"IPv6",[211,300,301],{},"I have some issues with things when IPv6 is running. 
So, to disable IPV6 I added:",[264,303,306],{"className":304,"code":305,"language":269},[267],"blacklist ipv6\n",[271,307,305],{"__ignoreMap":273},[211,309,310],{},"to \u002Fetc\u002Fmodprobe.d\u002Fblacklist.",[211,312,313],{},"So - now the server boots, mounts the highly active parts of the system on tmpfs (we don't want to burn out the CF card).",[211,315,316],{},[260,317,318],{},"Network",[211,320,321],{},"I need both ports to come up - one to the ISP, one internal.",[211,323,324],{},[277,325,326],{},"TODO: what is the allow-hotplug bit?",[211,328,329],{},[260,330,331],{},"\u002Fetc\u002Fnetwork\u002Finterfaces",[264,333,336],{"className":334,"code":335,"language":269},[267],"# The loopback network interface\nauto lo eth0 eth1\niface lo inet loopback\n\n# The external interface\nallow-hotplug eth0\niface eth0 inet static\n    address 213.187.160.178\n    netmask 255.255.255.252\n    gateway 213.187.160.177\n\n# The internal interface\niface eth1 inet static\n    address 192.168.1.2\n    netmask 255.255.255.0\n",[271,337,335],{"__ignoreMap":273},[211,339,340],{},"###Services",[211,342,343],{},[260,344,345],{},"SSH",[211,347,348],{},"Install ssh with aptitude.",[211,350,351],{},"I configured up ssh with the following sshd_config file (\u002Fetc\u002Fssh):",[264,353,356],{"className":354,"code":355,"language":269},[267],"Port 22\nProtocol 2\nHostKey \u002Fetc\u002Fssh\u002Fssh_host_rsa_key\nHostKey \u002Fetc\u002Fssh\u002Fssh_host_dsa_key\nUsePrivilegeSeparation yes\n\nKeyRegenerationInterval 3600\nServerKeyBits 768\n\nSyslogFacility AUTH\nLogLevel INFO\n\nLoginGraceTime 120\nPermitRootLogin yes\nStrictModes yes\n\nRSAAuthentication yes\nPubkeyAuthentication yes\n\nIgnoreRhosts yes\nRhostsRSAAuthentication no\nHostbasedAuthentication no\n\nPermitEmptyPasswords no\n\nChallengeResponseAuthentication no\n\n# Remember to make sure that you have a working set of .ssh\u002Fauthorized_keys before changing this from yes to no!\nPasswordAuthentication no\n\nX11Forwarding 
no\nPrintMotd no\nPrintLastLog yes\nTCPKeepAlive yes\n\nAcceptEnv LANG LC_*\n\nSubsystem sftp \u002Fusr\u002Flib\u002Fopenssh\u002Fsftp-server\n\nUsePAM yes\n",[271,357,355],{"__ignoreMap":273},[211,359,360],{},[260,361,362],{},"DNS",[211,364,365],{},"Install bind9 with aptitude.",[211,367,368],{},"Two new files in \u002Fetc\u002Fbind:",[211,370,371],{},[260,372,373],{},"\u002Fetc\u002Fbind\u002Fhome.chrissearle.org",[264,375,378],{"className":376,"code":377,"language":269},[267],"$ORIGIN .\n$TTL 3600       ; 1 hour\nhome.chrissearle.org            IN SOA  ns.home.chrissearle.org. hostmaster.chrissearle.org. (\n                                2008041201    ; serial\n                                3600            ; refresh 1 hr\n                                1800            ; retry 30 mins\n                                604800          ; expire 1 wk\n                                3600            ; minimum 1 hr\n                                )\n                        NS      ns.home.chrissearle.org.\n\n$ORIGIN home.chrissearle.org.\nmenavaur              A  192.168.1.1     ; Old firewall\nnornour               A  192.168.1.2     ; New firewall\ndolphin-tp            A  192.168.1.3     ; Astrid mac mini LAN\ndolphin               A  192.168.1.4     ; Astrid mac mini WLAN\nslippen-tp            A  192.168.1.5     ; Chris laptop LAN\nslippen               A  192.168.1.6     ; Chris laptop WLAN\nczar                  A  192.168.1.7     ; Linux file server\ngoldeneagle           A  192.168.1.8     ; Astrid XP\ngalatea-tp            A  192.168.1.9     ; Chris laptop (work) LAN\ngalatea               A  192.168.1.10    ; Chris laptop (work) WLAN\nbonnet                A  192.168.1.11    ; Chris iMac\nshah                  A  192.168.1.12    ; Unused\nislander              A  192.168.1.13    ; Unused\nserica                A  192.168.1.14    ; Unused\nklondyke              A  192.168.1.15    ; Unused\ncampernel             A  192.168.1.16    ; Unused\nbedroom-tp    
        A  192.168.1.30    ; Airport\nbedroom               A  192.168.1.31    ; Airport\nlounge-tp             A  192.168.1.32    ; Airport\nlounge                A  192.168.1.33    ; Airport\nstore                 A  192.168.1.34    ; ReadyNAS NV+\nwii                   A  192.168.1.35    ; Wii\ndhcp50                A  192.168.1.50    ; DHCP\ndhcp51                A  192.168.1.51    ; DHCP\ndhcp52                A  192.168.1.52    ; DHCP\ndhcp53                A  192.168.1.53    ; DHCP\ndhcp54                A  192.168.1.54    ; DHCP\ndhcp55                A  192.168.1.55    ; DHCP\ndhcp56                A  192.168.1.56    ; DHCP\ndhcp57                A  192.168.1.57    ; DHCP\ndhcp58                A  192.168.1.58    ; DHCP\ndhcp59                A  192.168.1.59    ; DHCP\ndhcp60                A  192.168.1.60    ; DHCP\nwifi1                 A  192.168.1.200   ; Linksys AP\nwifi2                 A  192.168.1.201   ; Linksys AP\nns                    CNAME  nornour             \nirc                   CNAME  czar                \nweb                   CNAME  czar                \n",[271,379,377],{"__ignoreMap":273},[211,381,382],{},[260,383,384],{},"1.168.192.in-addr.arpa",[264,386,389],{"className":387,"code":388,"language":269},[267],"$ORIGIN .\n$TTL 3600       ; 1 hour\n1.168.192.in--addr.arpa            IN SOA  ns.home.chrissearle.org. hostmaster.chrissearle.org. (\n                                2008041201    ; serial\n                                3600            ; refresh 1 hr\n                                1800            ; retry 30 mins\n                                604800          ; expire 1 wk\n                                3600            ; minimum 1 hr\n                                )\n                        NS      ns.home.chrissearle.org.\n\n$ORIGIN 1.168.192.in--addr.arpa.\n1    PTR  menavaur.home.chrissearle.org.          ; Old firewall\n2    PTR  nornour.home.chrissearle.org.           
; New firewall\n3    PTR  dolphin-tp.home.chrissearle.org.        ; Astrid mac mini LAN\n4    PTR  dolphin.home.chrissearle.org.           ; Astrid mac mini WLAN\n5    PTR  slippen-tp.home.chrissearle.org.        ; Chris laptop LAN\n6    PTR  slippen.home.chrissearle.org.           ; Chris laptop WLAN\n7    PTR  czar.home.chrissearle.org.              ; Linux file server\n8    PTR  goldeneagle.home.chrissearle.org.       ; Astrid XP\n9    PTR  galatea-tp.home.chrissearle.org.        ; Chris laptop (work) LAN\n10   PTR  galatea.home.chrissearle.org.           ; Chris laptop (work) WLAN\n11   PTR  bonnet.home.chrissearle.org.            ; Chris iMac\n12   PTR  shah.home.chrissearle.org.              ; Unused\n13   PTR  islander.home.chrissearle.org.          ; Unused\n14   PTR  serica.home.chrissearle.org.            ; Unused\n15   PTR  klondyke.home.chrissearle.org.          ; Unused\n16   PTR  campernel.home.chrissearle.org.         ; Unused\n30   PTR  bedroom-tp.home.chrissearle.org.        ; Airport\n31   PTR  bedroom.home.chrissearle.org.           ; Airport\n32   PTR  lounge-tp.home.chrissearle.org.         ; Airport\n33   PTR  lounge.home.chrissearle.org.            ; Airport\n34   PTR  store.home.chrissearle.org.             ; ReadyNAS NV+\n35   PTR  wii.home.chrissearle.org.               ; Wii\n50   PTR  dhcp50.home.chrissearle.org.            ; DHCP\n51   PTR  dhcp51.home.chrissearle.org.            ; DHCP\n52   PTR  dhcp52.home.chrissearle.org.            ; DHCP\n53   PTR  dhcp53.home.chrissearle.org.            ; DHCP\n54   PTR  dhcp54.home.chrissearle.org.            ; DHCP\n55   PTR  dhcp55.home.chrissearle.org.            ; DHCP\n56   PTR  dhcp56.home.chrissearle.org.            ; DHCP\n57   PTR  dhcp57.home.chrissearle.org.            ; DHCP\n58   PTR  dhcp58.home.chrissearle.org.            ; DHCP\n59   PTR  dhcp59.home.chrissearle.org.            ; DHCP\n60   PTR  dhcp60.home.chrissearle.org.            ; DHCP\n200  PTR  wifi1.home.chrissearle.org. 
            ; Linksys AP\n201  PTR  wifi2.home.chrissearle.org.             ; Linksys AP\n",[271,390,388],{"__ignoreMap":273},[211,392,393],{},"Then we need to activate these two zones:",[211,395,396],{},[260,397,398],{},"\u002Fetc\u002Fbind\u002Fnamed.conf.local",[264,400,403],{"className":401,"code":402,"language":269},[267],"zone \"home.chrissearle.org\" {\n    type master;\n    file \"\u002Fetc\u002Fbind\u002Fhome.chrissearle.org\";\n};\n\nzone \"1.168.192.in-addr.arpa\" {\n    type master;\n    file \"\u002Fetc\u002Fbind\u002F1.168.192.in-addr.arpa\";\n};\n",[271,404,402],{"__ignoreMap":273},[211,406,407],{},"Restarted bind - now this is authoritative for my local net 192.168.1.x and forwards to the ISP for everything else.",[211,409,410],{},[260,411,412],{},"DHCPD",[211,414,415],{},"Install dhcpd (virtual package) with aptitude.",[211,417,418],{},"Firstly - we only want to serve DHCP internally - that is, on interface eth1.",[211,420,421],{},[260,422,423],{},"\u002Fetc\u002Fdefault\u002Fdhcp",[264,425,428],{"className":426,"code":427,"language":269},[267],"INTERFACES=\"eth1\"\n",[271,429,427],{"__ignoreMap":273},[211,431,432],{},"Now configure it. 
Most internal machines get a fixed IP via MAC address, but there is also a range of .50 to .60 for visitors.",[211,434,435],{},[260,436,437],{},"\u002Fetc\u002Fdhcpd.conf",[264,439,442],{"className":440,"code":441,"language":269},[267],"group {\n    option subnet-mask      255.255.255.0;\n    option routers  192.168.1.2;\n    option domain-name-servers      192.168.1.2;\n    option domain-name      \"home.chrissearle.org\";\n\n    host menavaur {\n            hardware ethernet 00:60:08:47:03:69;\n            fixed-address 192.168.1.1;\n    }\n\n    host dolphin-tp {\n            hardware ethernet 00:16:CB:94:15:D3;\n            fixed-address 192.168.1.3;\n    }\n\n    host dolphin {\n            hardware ethernet 00:16:CB:05:8C:03;\n            fixed-address 192.168.1.4;\n    }\n\n    host slippen-tp {\n            hardware ethernet 00:16:CB:C9:2E:A3;\n            fixed-address 192.168.1.5;\n    }\n\n    host slippen {\n            hardware ethernet 00:16:CB:B9:F5:B6;\n            fixed-address 192.168.1.6;\n    }\n\n    host czar {\n            hardware ethernet 00:0A:5E:1F:3D:6F;\n            fixed-address 192.168.1.7;\n    }\n\n    host goldeneagle {\n            hardware ethernet 00:0C:6E:4D:48:DA;\n            fixed-address 192.168.1.8;\n    }\n\n    host galatea-tp {\n            hardware ethernet 00:1B:63:A8:06:8B;\n            fixed-address 192.168.1.9;\n    }\n\n    host galatea {\n            hardware ethernet 00:1C:B3:C5:21:5B;\n            fixed-address 192.168.1.10;\n    }\n\n    host bedroom-tp {\n            hardware ethernet 00:14:51:74:F6:AA;\n            fixed-address 192.168.1.30;\n    }\n\n    host bedroom {\n            hardware ethernet 00:14:51:74:F6:AB;\n            fixed-address 192.168.1.31;\n    }\n\n    host lounge-tp {\n            hardware ethernet 00:14:51:73:86:96;\n            fixed-address 192.168.1.32;\n    }\n\n    host lounge {\n            hardware ethernet 00:14:51:73:86:97;\n            fixed-address 192.168.1.33;\n    }\n\n  
  host wii {\n            hardware ethernet 00:19:1D:FE:A0:56;\n            fixed-address 192.168.1.35;\n    }\n\n    host wifi1 {\n            hardware ethernet 00:1A:70:AB:A4:AC;\n            fixed-address 192.168.1.200;\n    }\n\n    host wifi2 {\n            hardware ethernet 00:1A:70:AB:A6:91;\n            fixed-address 192.168.1.201;\n    }\n\n}\nshared-network LOCAL-NET {\n    option  domain-name \"home.chrissearle.org \";\n    option  domain-name-servers 192.168.1.2;\n\n    subnet 192.168.1.0 netmask 255.255.255.0 {\n            option routers 192.168.1.2;\n\n            range 192.168.1.50 192.168.1.60;\n    }\n}\n",[271,443,441],{"__ignoreMap":273},[211,445,446],{},[260,447,448],{},"DenyHosts",[211,450,451],{},"DenyHosts will add hosts to \u002Fetc\u002Fhosts.deny if they try things like brute-force attacks on ssh.",[211,453,454],{},"Install denyhosts with aptitude.",[211,456,457],{},"Configure the \u002Fetc\u002Fdenyhosts.conf file - I simply changed the mail addresses and mail server - everything else was left at the defaults.",[211,459,460],{},[260,461,462],{},"IPTables",[211,464,251,465,469,470,474],{},[230,466,467],{"href":467,"rel":468,"target":237},"http:\u002F\u002Fwww.debian-administration.org\u002Farticles\u002F23",[234,235,236]," and ",[230,471,472],{"href":472,"rel":473,"target":237},"http:\u002F\u002Fwww.debian-administration.org\u002Farticles\u002F73",[234,235,236]," - the following iptables script was generated.",[211,476,477],{},[260,478,479],{},"\u002Fetc\u002Fnetwork\u002Fif-up.d\u002F00-firewall",[264,481,484],{"className":482,"code":483,"language":269},[267],"#!\u002Fbin\u002Fsh\n\nPATH=\u002Fusr\u002Fsbin:\u002Fsbin:\u002Fbin:\u002Fusr\u002Fbin\n\n# Set policy\niptables -P INPUT DROP\niptables -P FORWARD DROP\niptables -P OUTPUT ACCEPT\n\n# delete all existing rules.\niptables -F\niptables -t nat -F\niptables -t mangle -F\niptables -X\n\n# Always accept loopback traffic\niptables -A INPUT -i lo -j ACCEPT\n\n# Allow established connections, 
and those not coming from the outside\niptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT\niptables -A INPUT -m state --state NEW -i ! eth0 -j ACCEPT\niptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT\n\n# Allow outgoing connections from the LAN side.\niptables -A FORWARD -i eth1 -o eth0 -j ACCEPT\n\n# NAT ssh (2222) and http (80) to an internal machine\niptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.1.7:80\niptables -A PREROUTING -t nat -i eth0 -p tcp --dport 2222 -j DNAT --to 192.168.1.7:22\n\n# Open some ports externally (including the ports for NAT)\niptables -A FORWARD -p tcp -m state --state NEW --dport 22 -i eth0 -j ACCEPT\niptables -A FORWARD -p tcp -m state --state NEW --dport 80 -i eth0 -j ACCEPT\niptables -A FORWARD -p tcp -m state --state NEW --dport 2222 -i eth0 -j ACCEPT\n\n# Masquerade.\niptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\n\n# Don't forward from the outside to the inside.\niptables -A FORWARD -i eth0 -o eth0 -j REJECT\n\n# Enable routing.\necho 1 > \u002Fproc\u002Fsys\u002Fnet\u002Fipv4\u002Fip_forward\n",[271,485,483],{"__ignoreMap":273},{"title":273,"searchDepth":487,"depth":487,"links":488},2,[],"2008-04-05 20:56:53 +0200",null,"md",{},true,"\u002F2008\u002F04\u002F05\u002Fbuilding-a-debian-firewall-on-a-cf-card",{"title":206,"description":213},{"loc":494},"2008\u002F04\u002F05\u002Fbuilding-a-debian-firewall-on-a-cf-card",[499,500,501,502,503,504,505,506],"linux","debian","firewall","dns","bind","bind9","dhcp","iptables","Wt98jpKqdEGu7-kJsjLjtUIXmeqcqPqNHhPTXJv_mJ4",1775293015732]