diff --git a/src/opnsense/service/templates/OPNsense/Captiveportal/lighttpd-zone.conf b/src/opnsense/service/templates/OPNsense/Captiveportal/lighttpd-zone.conf
index 198541f3f..9ef72a758 100644
--- a/src/opnsense/service/templates/OPNsense/Captiveportal/lighttpd-zone.conf
+++ b/src/opnsense/service/templates/OPNsense/Captiveportal/lighttpd-zone.conf
@@ -2,14 +2,29 @@
 {% set cp_zone_item = [] %}
 {% for item in OPNsense.captiveportal.zones.zone %}
     {% if TARGET_FILTERS['OPNsense.captiveportal.zones.zone.' ~ loop.index0] or TARGET_FILTERS['OPNsense.captiveportal.zones.zone'] %}
+        {# found zone, search for interface ip #}
+        {% for intf_tag in item.interfaces.split(',') %}
+            {% for conf_key, conf_inf in interfaces.iteritems() %}
+                {% if conf_key == intf_tag and conf_inf.ipaddr != 'dhcp' %}
+                    {% do item.update({'interface_ipaddr':conf_inf.ipaddr}) %}
+                {% endif %}
+            {% endfor %}
+        {% endfor %}
         {% do cp_zone_item.append(item) %}
     {% endif %}
 {% endfor %}
 {% set cp_zone_item = cp_zone_item[0]|default(None) %}
 
+{% if cp_zone_item != None %}
+    {# generate zone redirect address #}
+    {% do cp_zone_item.update({'redirect_host':'https://'+cp_zone_item.interface_ipaddr + ':'  ~ (cp_zone_item.zoneid|int + 8000) ~ '/index.html?zone=' ~ cp_zone_item.zoneid  }) %}
+    {% do cp_zone_item.update({'redirect_host_match':cp_zone_item.interface_ipaddr.replace('.','\.') ~ ':' ~ (cp_zone_item.zoneid|int + 8000) }) %}
+
 
 #######################################################
-###  Captive portal lighttpd.conf  BEGIN
+###  Captive portal zone {{ cp_zone_item.zoneid  }} lighttpd.conf  BEGIN
+###  -- listen on port {{ cp_zone_item.zoneid|int + 8000  }} for primary (ssl) connections
+###  -- forward on port {{ cp_zone_item.zoneid|int + 9000  }} for plain http redirection
 #######################################################
 #
 #### modules to load
@@ -51,30 +66,30 @@ server.kbytes-per-second = 0
 server.bind              = "0.0.0.0"
 
 #### bind to port
-server.port              = 8000
+server.port              = {{ cp_zone_item.zoneid|int + 8000  }}
 
 ##
 #url.rewrite-once = ( "(.*)" => "/index.html?redirurl=$1" )
-$HTTP["host"] !~ "(.*10\.211\.55\.100:8000.*)" {
+$HTTP["host"] !~ "(.*{{cp_zone_item.redirect_host_match}}.*)" {
 	$HTTP["host"] =~ "([^:/]+)" {
-		url.redirect = ( "^(.*)$" => "https://10.211.55.100:8000/index.html?zone=test&redirurl=%1$1")
+		url.redirect = ( "^(.*)$" => "{{cp_zone_item.redirect_host}}&redirurl=%1$1")
 	}
 }
 
 ## redirect http traffic to https
-$SERVER["socket"] == ":9000" {
+$SERVER["socket"] == ":{{ cp_zone_item.zoneid|int + 9000  }}" {
 	$HTTP["host"] =~ "([^:/]+)" {
-		url.redirect = ( "^(.*)$" => "https://10.211.55.100:8000/index.html?zone=test&redirurl=%1$1")
+		url.redirect = ( "^(.*)$" => "{{cp_zone_item.redirect_host}}&redirurl=%1$1")
 	}
 }
-$SERVER["socket"] == "[::]:9000" {
+$SERVER["socket"] == "[::]:{{ cp_zone_item.zoneid|int + 9000  }}" {
 	$HTTP["host"] =~ "([^:/]+)" {
-		url.redirect = ( "(.*)" => "https://10.211.55.100:8000/index.html?zone=test&redirurl=%1$1")
+		url.redirect = ( "(.*)" => "{{cp_zone_item.redirect_host}}&redirurl=%1$1")
 	}
 }
 
 proxy.server = ( "/api/captiveportal/access/" => (
-		( "host" => "127.0.0.1", 
+		( "host" => "127.0.0.1",
 		  "port" => 8999 )
 	)
 )
@@ -201,3 +216,4 @@ mimetype.assign             = (
 #######################################################
 ###  Captive Portal lighttpd.conf  END
 #######################################################
+{% endif %}