authorScott Ullrich <sullrich@pfsense.org>2007-12-07 19:42:42 +0000
committerScott Ullrich <sullrich@pfsense.org>2007-12-07 19:42:42 +0000
commit421f8b5faa721658b5f55d4ca6dc0334f260f450 (patch)
tree4e80fcbf88548aa06853c7856ece4807b45eafb5
parent8b86df37526d864200b7b29953e6d9d98343e1f0 (diff)
Sometimes when the user enters the hostname of the HTTPS captive portal server, it resolves to $LANIP. Allow access to $LANIP in addition to $CPIP so that we can speed up the captive portal by 10000* in these cases.
-rw-r--r--etc/inc/captiveportal.inc13
1 files changed, 12 insertions, 1 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc
index 6b0f9a1..4e67c72 100644
--- a/etc/inc/captiveportal.inc
+++ b/etc/inc/captiveportal.inc
@@ -293,7 +293,8 @@ function captiveportal_rules_generate() {
$cpifn = $config['captiveportal']['interface'];
$cpif = $config['interfaces'][$cpifn]['if'];
$cpip = $config['interfaces'][$cpifn]['ipaddr'];
-
+ $lanip = $config['interfaces']['lan']['ipaddr'];
+
/* note: the captive portal daemon inserts all pass rules for authenticated
clients as skipto 50000 rules to make traffic shaping work */
@@ -356,16 +357,26 @@ add 1204 set 1 pass icmp from any to $cpip in icmptype 0
add 1300 set 1 pass udp from any to $cpip 53 in
add 1301 set 1 pass udp from $cpip 53 to any out
+# allow access to our DNS forwarder if it incorrectly resolves the hostname to $lanip
+add 1300 set 1 pass udp from any to $lanip 53 in
+add 1301 set 1 pass udp from $lanip 53 to any out
+
# allow access to our web server
add 1302 set 1 pass tcp from any to $cpip 8000 in
add 1303 set 1 pass tcp from $cpip 8000 to any out
+# allow access to lan web server incase the dns name resolves incorrectly to $lanip
+add 1302 set 1 pass tcp from any to $lanip 8000 in
+add 1303 set 1 pass tcp from $lanip 8000 to any out
+
EOD;
if (isset($config['captiveportal']['httpslogin'])) {
$cprules .= <<<EOD
add 1304 set 1 pass tcp from any to $cpip 8001 in
add 1305 set 1 pass tcp from $cpip 8001 to any out
+add 1302 set 1 pass tcp from any to $lanip 8001 in
+add 1303 set 1 pass tcp from $lanip 8001 to any out
EOD;
}
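Review bot: The `$lanip` rules in this hunk are written unconditionally, so they are emitted even when the portal runs on LAN itself (where `$lanip` equals `$cpip` and every added line is a duplicate), and on any other portal interface they let clients that have not yet authenticated reach the firewall's LAN address on ports 53, 8000 and 8001. If `$config['interfaces']['lan']['ipaddr']` is ever empty or not a literal address, the added lines would presumably be malformed ipfw syntax, and the first hunk assigns the value without checking it. I would append the rules in a guarded block after the heredoc, as below, and give the HTTPS pair its own numbers and a comment inside the `httpslogin` branch instead of reusing 1302/1303, e.g. `add 1304 set 1 pass tcp from any to $lanip 8001 in`. The heredoc and captiveportal_rules_generate() both start outside this hunk, so the exact placement needs checking against the full function.

```php
// … unchanged: $cpip DNS and web server rules, closing EOD; of the main heredoc …

/* open the LAN address only when it is set and not already covered by $cpip */
if (!empty($lanip) && $lanip != $cpip) {
	$cprules .= <<<EOD
# allow DNS and the portal web server on the LAN address in case the portal hostname resolves to it
add 1300 set 1 pass udp from any to $lanip 53 in
add 1301 set 1 pass udp from $lanip 53 to any out
add 1302 set 1 pass tcp from any to $lanip 8000 in
add 1303 set 1 pass tcp from $lanip 8000 to any out

EOD;
}

// … unchanged: httpslogin branch with the $cpip 8001 rules …
```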