From 181a843cfe3c08340e2319fb23c2ae3134d9f2ed Mon Sep 17 00:00:00 2001
From: Scott Ullrich <sullrich@pfsense.org>
Date: Mon, 7 Nov 2005 06:25:02 +0000
Subject: Allow nat redirects to function

Ticket #651
---
 etc/inc/captiveportal.inc | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc
index 948a4f2..650627b 100644
--- a/etc/inc/captiveportal.inc
+++ b/etc/inc/captiveportal.inc
@@ -285,7 +285,20 @@ function captiveportal_rules_generate() {
 	   clients as skipto 50000 rules to make traffic shaping work */
 
 	$cprules = "";
-	
+
+	/*   allow nat redirects to work  see
+	     http://cvstrac.pfsense.com/tktview?tn=651
+	 */
+	$iflist = array("lan" => "LAN", "wan" => "WAN");
+	for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) 
+		$iflist['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];	
+	foreach ($iflist as $ifent => $ifname) {
+		if($config['captiveportal']['interface'] == $ifname)
+			continue;
+		$int = convert_friendly_interface_to_real_interface_name($ifname);
+		$cprules .= "ipfw add 30 skipto 50000 allow all from any to any in via {$int} keep-state\n";
+	}
+
 	/* captive portal on LAN interface? */
 	if ($cpifn == "lan") {
 		/* add anti-lockout rules */
-- 
cgit v1.1