Nov 23, 2001
Hey, I'm a regular reader of Tom's, and since Microsoft tech support hasn't replied to me, I figured this would be a good place to get the word out about what I'm 99% sure is a bug in the WinXP SP2 firewall. Here's the setup....

I have a WinXP box with file/print sharing enabled that acts as a dedicated server for my small home LAN. I also use it (since it's the only machine I leave on 24/7) as a VPN server, so I can access my files remotely. The whole LAN is behind a NAT router, and has private IPs in the 192.168.1.x range. The server has a static IP of, and the "Incoming" network connection is set to give out IPs in the range, which means it always takes for itself.

Before installing SP2, remote VPN clients were able to access the machine at EITHER of those IPs, which makes sense, as it's set to forward traffic to the LAN. After installing SP2, though, only the RAS address worked,

It's a problem because I use a couple of laptops both locally AND remotely, and simply kept an LMHOSTS entry for that machine. But if its IP changes, mapped drives will fail and stuff. But I see that as an aside - the behavior should not have changed.

Well, after lots of time messing with routing tables and stuff, I tried dropping the Windows SP2 firewall. And it worked - VPN clients were able to ping and access again. But no collection of exceptions or other settings could get it to work. And if the firewall was blocking, it should have raised alerts when it blocked incoming requests. Also note that machines on the LAN could access with no problem.

I encourage anyone with the requisite hardware on hand to try it out. If you can find a mistake I made in routing or firewall setup, please let me know, but I'm pretty sure I've tried everything.

And if I'm right and it is a bug, this seems as good a place as any to make people aware of it.


Sep 15, 2002
I highly suggest you put linux on that thing. Toms just did a review of <A HREF="http://www.tomsnetworking.com/Reviews-172-ProdID-CLARKCONNECT.php" target="_new">ClarkConnect</A>, it will do everything you just described your current server as doing and more. And it is linux so it is MUCH more secure and reliable.

<A HREF="http://www.folken.net/myrig.htm" target="_new">My precious...</A>


Feb 21, 2004
Last I checked Linux is just as insecure and non-reliable as Windows.


<font color=red>Post created with being a dickhead in mind.</font color=red>
<font color=white>For all emotional and slanderous statements contact THG for all law suits.</font color=white>


Sep 7, 2001
I don't know if that is a bug or not. I assume that you know that the new XP firewall only concerns itself with INbound traffic. It ignore anything outbound from an SP-2 system. On the other hand, no-one in their right mind trusts this new firewall with the safety of their system(s).

What I wanted to clue you in to was analternative to VPN's and such, thereby avoiding the whole mess. The alternative is called QnextMyPC and it's part of a new IM service that's currently in beta. Head over to www.qnext.com to see what I mean. It's just like GotoMyPC, but it's free. There are lots of other very useful (and plain old cool) features as well. Yes, you do have to open 3 ports in your firewall, but since the program has security features built in, it's not bad.

<font color=green>****</font color=green> Never Assume <font color=red>ANYTHING</font color=red> <font color=green>****</font color=green>


Oct 11, 2001
no firewall will ask you if you want an inbound connection request to be allowed. that would be stupid. you would get those messages hundreds of times a day from the script kiddies running port scanners and scanners looking for unprotected services.

wpdclan.com counter-strike game server -
now featuring valve security module!