From owner-freebsd-net@freebsd.org  Mon Sep 12 09:59:06 2016
Return-Path: <owner-freebsd-net@freebsd.org>
Delivered-To: freebsd-net@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 79463BD67C9
 for <freebsd-net@mailman.ysv.freebsd.org>;
 Mon, 12 Sep 2016 09:59:06 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 693DF762
 for <freebsd-net@FreeBSD.org>; Mon, 12 Sep 2016 09:59:06 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u8C9x6Qo058542
 for <freebsd-net@FreeBSD.org>; Mon, 12 Sep 2016 09:59:06 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 212331] pfil processing order
Date: Mon, 12 Sep 2016 09:59:06 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 10.3-STABLE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: srijan.nandi@gmail.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-net@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-212331-2472-Bk4yvhNP0l@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-212331-2472@https.bugs.freebsd.org/bugzilla/>
References: <bug-212331-2472@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Sep 2016 09:59:06 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D212331

--- Comment #8 from srijannandi <srijan.nandi@gmail.com> ---
ipfw is doing it's job perfectly well. It's just that I use ipfw for bandwi=
dth
shaping and also have captive portal running on ipfw. Rest all firewall'ing=
 and
nat'ting features are used in pf.

So, I have ipfw processing packets destined to port 80. As soon as it recei=
ves
a packet for destination port 80, it throws the user a captive portal login
page. The user than logs in using his/her username and password. After which
the packet is marked as authenticated and passed on to pf for further
processing. pf then allows or denies the traffic as per the rule configured.

This works fine, without issues.

As soon as I enable a route-to rule in pf to pass this traffic via a specif=
ic
gateway, then when a packet is received by FreeBSD for destination port 80,
ipfw no longer comes into picture and pf shorts this packet and start
processing it. Therefore, in this scenario, I no longer get the captive por=
tal
page.

--=20
You are receiving this mail because:
You are the assignee for the bug.=