Restrict client web access by network port?

That's an unusual configuration, so this might take some iterating to get right.

However, I think the answer relies largely on how you, as the server, determine which connection the clients are using.

If you have a specific set of IP addresses assigned to wired clients, and a different set for wireless clients, then that might be a viable approach, otherwise how are you supposed to know which interface any given user is accessing?

That said, the missing part of your information relates to whether approved-domain.com should be accessible via the wireless network or not?

Depending on the answer to that question I can see a couple of options. DNS might be an option, but there is no way, via DNS to "... redirect traffic to any other domains to an error page". DNS deals purely in mapping IP addresses to hostnames (and vice versa). There is no concept of 'redirecting' or 'error pages' in DNS since the lookup of any hostname is far removed from whatever service you might want to access on the resulting IP address.

One other option might be a proxy server - the proxy server can have access control rules that dictate who can access which sites (including at what times of day if you so desire). It can also ask for authentication so you can track which valid users are using it.
In this way you might be able to say that certain clients are able to access approved-domain.com, while other clients can access any site, but this is largely limited to web traffic (e.g. there's no simple control for email services, file services, etc.)

So if you can provide a little more detail I'm sure we can work through these options.

The wired network only really needs to access http://aproved-domain.com and all other types of traffic are fine for the wireless network

Oh, well that's radically easier - there may be no need to go to huge lengths here, and users can leave both links active if it's setup correctly - the OS will automatically choose the wired link for approved-domain.com and the wireless link for everything else.

The simplest solution is just DNS - assuming that the approved-domain.com addresses are on the same LAN subnet as the client's ethernet port all you need to do is setup DNS such that it hands out the LAN address of those services and you're done.

You see, whenever the client tries to access a server it looks at the destination IP address to work out how to get there. The first thing it checks is whether the IP address is on the same subnet as a link on the client itself. if it is, then the connection uses that link. If it isn't then it checks to see if it has a static route for the target IP address, and if that fails it sends it to the default gateway address (that's why it's called the default gateway - all traffic that doesn't have a more direct route will take that path).

So as long as your DNS server hands out the LAN address for approved-domain.com there shouldn't be anything more you need to do. Do you have any control over the DNS server for your LAN? or can you change your LAN clients to use a different DNS server that you do control? Those will be important elements in using DNS to manage this setup.