> I have DNS server and HTTP proxy on the same machine in second subnet.
> I have to set DNS IP as "pass throu IP" in Captive portal config.
> All client can access http via proxy without using captive portal, because IP of
> Proxy is the same as IP of DNS.
> Do somebody have an idea how to "fix" it?
> or How to allow "pass throu" only DNS UDP packet for unauthorised clients?
bad config really.
I would give the DNS and HTTP server a second IP address
on a subinterface...and get the DNS to listen on that interface
/sbin/ifconfig eth0:1 10.0.0.1 netmask 255.255.255.0
/sbin/ifconfig eth0:1 up
(PS you might need to load ip_alias if you run Linux and dont have it built
into the kernel...eg /sbin/modprobe ip_alias)
..then edit your named to listen to eth0:1
now, you'll only allow the m0n0 to passthrough that eth0:1 address.