{"id":1852,"date":"2023-03-13T16:06:54","date_gmt":"2023-03-13T07:06:54","guid":{"rendered":"https:\/\/www.next-hop.net\/blog\/hiraga\/?p=1852"},"modified":"2023-03-14T09:26:23","modified_gmt":"2023-03-14T00:26:23","slug":"ipfw-nat-tso-issue","status":"publish","type":"post","link":"https:\/\/www.next-hop.net\/blog\/hiraga\/freebsd\/ipfw-nat-tso-issue\/","title":{"rendered":"IPFW+NAT\u3067\u306f\u307e\u3063\u305f\u8a71"},"content":{"rendered":"<p>NAT \u3092 natd \u304b\u3089 ipfw nat \u306b\u5909\u3048\u305f\u30b7\u30b9\u30c6\u30e0\u306b\u304a\u3044\u3066\u3001\u3042\u308b\u65e5\u3001\u3042\u308b\u7279\u5b9a\u306e\u5b9b\u5148\u306b\u30e1\u30fc\u30eb\u304c\u9001\u4fe1\u3067\u304d\u306a\u3044\u4e8b\u8c61\u304c\u767a\u751f\u3002STARTTLS \u5f8c\u306b\u30a8\u30e9\u30fc\u304c\u51fa\u3066\u3044\u307e\u3059\u3002<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\nXXX XX XX:XX:XX mail sm-mta&#x5B;89339]: STARTTLS=client, relay=xxxx.xxxx.xxxx.xxxx.xxxx., version=TLSv1.2, verify=FAIL, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256\/256\r\nXXX XX XX:XX:XX mail sm-mta&#x5B;89339]: STARTTLS: write error=syscall error (-1), errno=13, get_error=error:00000000:lib(0):func(0):reason(0), retry=99, ssl_err=5\r\nXXX XX XX:XX:XX mail sm-mta&#x5B;89339]: 32D6W9Qv073007: SYSERR(root): timeout writing message to xxxx.xxxx.xxxx.xxxx.xxxx.: Permission denied\r\nMar XX XX:XX:XX mail sm-mta&#x5B;89339]: 32D6W9Qv073007: to=&lt;xxxxxx@xxxx.xxxx&gt;, delay=00:00:06, xdelay=00:00:03, mailer=esmtp, pri=4200197, relay=xxxx.xxxx.xxxx.xxxx.xxxx. &#x5B;XXX.XXX.XXX.XXX], dsn=4.0.0, stat=Deferred\r\n<\/pre>\n<p>\u3057\u304b\u3082\u3001Permission denied \u3068\u306f\u3002<\/p>\n<p>\u3069\u3046\u3084\u3089ipfw\u304c\u30d1\u30b1\u30c3\u30c8\u3092\u30c9\u30ed\u30c3\u30d7\u3057\u3066\u3044\u308b\u6a21\u69d8\u3002\u3057\u304b\u3057\u3001\u9001\u4fe1\u3067\u304d\u308b\u5b9b\u5148\u304c\u307b\u3068\u3093\u3069\u3067\u3001ipfw \u30eb\u30fc\u30eb\u3082\u9593\u9055\u3063\u3066\u3044\u306a\u3044\u306f\u305a\u3002<br \/>\n\u305d\u3053\u3067\u3001ipfw \u306e man \u3092\u898b\u3066\u307f\u308b\u3068\u4ee5\u4e0b\u306e\u8a18\u8ff0\u304c&#8230;<\/p>\n<h4>IPFW(8) man page<\/h4>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\n     Due to the architecture of libalias(3), ipfw nat is not compatible with\r\n     the TCP segmentation offloading (TSO).  Thus, to reliably nat your\r\n     network traffic, please disable TSO on your NICs using ifconfig(8).\r\n<\/pre>\n<p>\u78ba\u304b\u306b ipfw nat \u3092\u4f7f\u3063\u3066\u3044\u308b\u306e\u3067 TSO4 \u3092\u7121\u52b9\u306b\u3057\u305f\u3068\u3053\u308d\u3001\u30d1\u30b1\u30c3\u30c8\u30c9\u30ed\u30c3\u30d7\u304c\u89e3\u6d88\u3055\u308c\u307e\u3057\u305f\u3002<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nifconfig vtnet0 -tso4\r\n<\/pre>\n<p>\u30de\u30cb\u30e5\u30a2\u30eb\u306f\u9685\u3005\u307e\u3067\u8aad\u307e\u306a\u3044\u3068\u3044\u3051\u307e\u305b\u3093\u306d&#8230;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>NAT \u3092 natd \u304b\u3089 ipfw nat \u306b\u5909\u3048\u305f\u30b7\u30b9\u30c6\u30e0\u306b\u304a\u3044\u3066\u3001\u3042\u308b\u65e5\u3001\u3042\u308b\u7279\u5b9a\u306e\u5b9b\u5148\u306b\u30e1\u30fc\u30eb\u304c\u9001\u4fe1\u3067\u304d\u306a\u3044\u4e8b\u8c61\u304c\u767a\u751f\u3002STARTTLS \u5f8c\u306b\u30a8\u30e9\u30fc\u304c\u51fa\u3066\u3044\u307e\u3059\u3002 XXX XX XX:XX:XX mail sm-\u2026 <span class=\"read-more\"><a href=\"https:\/\/www.next-hop.net\/blog\/hiraga\/freebsd\/ipfw-nat-tso-issue\/\">\u7d9a\u304d\u3092\u8aad\u3080 &raquo;<\/a><\/span><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3],"tags":[],"class_list":["post-1852","post","type-post","status-publish","format-standard","hentry","category-freebsd"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.next-hop.net\/blog\/hiraga\/wp-json\/wp\/v2\/posts\/1852"}],"collection":[{"href":"https:\/\/www.next-hop.net\/blog\/hiraga\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.next-hop.net\/blog\/hiraga\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.next-hop.net\/blog\/hiraga\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.next-hop.net\/blog\/hiraga\/wp-json\/wp\/v2\/comments?post=1852"}],"version-history":[{"count":6,"href":"https:\/\/www.next-hop.net\/blog\/hiraga\/wp-json\/wp\/v2\/posts\/1852\/revisions"}],"predecessor-version":[{"id":1875,"href":"https:\/\/www.next-hop.net\/blog\/hiraga\/wp-json\/wp\/v2\/posts\/1852\/revisions\/1875"}],"wp:attachment":[{"href":"https:\/\/www.next-hop.net\/blog\/hiraga\/wp-json\/wp\/v2\/media?parent=1852"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.next-hop.net\/blog\/hiraga\/wp-json\/wp\/v2\/categories?post=1852"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.next-hop.net\/blog\/hiraga\/wp-json\/wp\/v2\/tags?post=1852"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}