With in-kernel <acronym>NAT</acronym> it is necessary to disable TCP segmentation offloading (<acronym>TSO</acronym>) due to the architecture of <citerefentry><refentrytitle>libalias</refentrytitle><manvolnum>3</manvolnum></citerefentry>, a library implemented as a kernel module to provide the in-kernel <acronym>NAT</acronym> facility of <application>IPFW</application>. <acronym>TSO</acronym> can be disabled on a per network interface basis using <citerefentry><refentrytitle>ifconfig</refentrytitle><manvolnum>8</manvolnum></citerefentry> or on a system wide basis using <citerefentry><refentrytitle>sysctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>. To disable <acronym>TSO</acronym> system wide, the following must be set it <filename>/etc/sysctl.conf</filename>:
bhy
当规则集包含有状态规则时,<acronym>NAT</acronym>规则的定位至关重要,并且使用<literal>skipto</literal>操作。<literal>skipto</literal>操作需要一个规则编号,以便它知道要跳转到哪个规则。此外,由于<citerefentry><refentrytitle>libalias</refentrytitle><manvolnum>3</manvolnum></citerefentry>的体系结构,作为用于<application>IPFW</application>的 in-kernel <acronym>NAT</acronym>工具的内核模块实现的库,有必要禁用 TCP 分段卸载,(<acronym>TSO</acronym>)。通过使用<citerefentry><refentrytitle>ifconfig</refentrytitle><manvolnum>8</manvolnum></citerefentry>为某个网口禁用 TSO 或使用<citerefentry><refentrytitle>sysctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>。在系统范围内,可以基于每个网络接口为系统内的所有网卡禁用 <acronym>TSO</acronym>。要在系统范围禁用<acronym>TSO</acronym>,必须在<filename>/etc/sysctl.conf</filename>中设置以下内容: