At home, are you using your own modem/router and ISP? Usually public wifi is set up with its own server on the lan (or router firmware) (IP 192.168.101.1, listening on port 8080 in this case) along with the users to take care of authentication-you either pay, or log in with a password as one of their customers, or share the service in some other way. Often you are redirected by the wireless router when you try to log in to an initial website, although some may be accessed directly. After that is satisfied, you are connected to the routed internet modem. I also use a lot of public wifi, and most work this way except for open repeaters which are just routers you log onto that someone has not secured.
Port 80 is the standard port for internet (http) requests, but 8080 is a legal alternate used by many websites. If you look in Avast!/settings/troubleshooting/redirect settings you will see that there are some other fairly standard http ports that Avast! also intercepts and virus checks for you-whether on the intranet or internet.
You should already have a KPF rule that allows TCP out by avastsvc.exe on port 80-you couldn't get to the internet otherwise. So yes, the simplest thing you can do is just add port 8080 to that rule-there are even some real internet sites that might get blocked otherwise.
My home ADSL box serves as a modem and router. As a router, it provides ports for wired ethernet LAN and it serves as a WiFi access point. I understand what you say about logging in, but my firewall popups for 192.168.101.1 is well after logging in. For example, when I'm streaming in a recorded webinar, I am getting the popups all the time. Very frustrating.
I am trying to understand your comment about redirection...while the general *concept* of redirection is simple, I don't know the details. What follows might sound quite naive, but thanks for any clarification.
Does the public WiFi access point simply intercept requests for webpage downloads and act as the middleman, going out to the URL, getting the content, and providing it to the WiFi client? In this scenario, why would the WiFi client have to know about the existence of the middleman at all? In other words, why would the client even attempt to access 220.127.116.11?
Alternatively, does the access point somehow inform the WiFi client that they have to explicitly resubmit the webpage request using an intranet address (18.104.22.168)? I'm not sure how that would work, but that would certainly cause the WiFi client to attempt to access 192.168.101.1.
I did "ipconfig /all" and found that all of the following are set to 192.168.101.1:
•Lease is for approximately 30 minutes
•Local port for outgoing request 0.0.0.0:xxxx
- "xxxx" represents various 4-digit integers
The rule I created was to permit the following:
•App: c:\program files\alwil software\avast5\avastsvc.exe
•Created IP group "Intranet"
- Address: 192.168.0.0
- Mask: 255.255.0.0
•Local end: Any
- Address: "Intranet" IP group
- Port: 8080
I could not find a pre-existing rule for avastsvc, but the above new rule seemed to solve the problem. However, my vague familiarity of how to set up this rule was not gotten through any formal computer networks education, so I'm not sure if the rule is too loose. And it's still not clear why this problem didn't show up at home.