From the FAQ http://www.zeroshell.net/eng/captiveportaldetails/
“Such gateway blocks IP packets destined towards the outside and captures the http and https requests on TCP ports 80 and 443 redirecting them to a web server…”
I take this as meaning only http and https requests are diverted – in theory, you should be able to use all other port and get through router sucessfully – I only just noticed this myself.
In the next release, is it possible to make all ports unavailble untl the user has authenticate?
EDIT: Consider putting the captive portal wireless on a different subnet if you’re concerned?