From: "Nate Osborne" <nosborne at purchasingpower dot com>
> Thanks, but it looks like the FW rules are applied before it hits the
> CP --
> so unless the client gets a valid DNS for the URL they type in ~and~ has
> permission to access that URL, the request never hits the captive portal.
There is an old NAT rule to redirect SMTP.
<descr>redirect SMTP to LAN SMTP server</descr>
Have it redirect 80 to your web server on another interface. It will
trigger the CP, and still not allow outbound web. Moreover, all outbound
web that tries will go to your web server.