Is this a Windows XP firewall bug?

Question

I have a webserver running on my Windows XP computer. I have set the firewall to allow incoming HTTP connections: Firewall settings window->'Advanced' tab->select my network connection->Settings->Services->check 'Webserver(HTTP)' checkbox.

Normally, this works. However, sometimes upon restarting the server machine, the firewall again begins blocking HTTP connections, notwithstanding the fact that the 'Webserver(HTTP)' exception is still checked in the Firewall settings window.

The only way, then, to get things working again is to uncheck the said option, save the settings, reopen the firewall dialog and check the option and save again.

My question is, is this some peculiarity of my machine or is this a Windows XP firewall bug?

Answer 1

No, that's not a bug, you're just misunderstanding what the Services tab is for.

The list on that tab are for the scenario where the firewalled system also serves as a NAT gateway ("Internet Connection Sharing" or whichever name Microsoft came up with) for another computer. It's basically a form of DNAT. It controls whether or not to allow the initiation of connections to that port through to hosts running on a private network behind the firewalled system.

What you need is to add an exception for port 80 / TCP on the Exceptions tab (don't forget to click on Change scope and select the appropiate scope!) That will work without a hitch. I also recommend you uncheck what you checked ASAP since Windows client operating systems aren't particularly suited for packet forwarding and settings on that tab sometimes mysteriously interfere with normal network traffic (like in your case.)