Hello people!

After setting up some VM's (Win7x64, WinXP SP3, Debian Lenny, DVWA, Badstore Online Shop, Windows Server 2003) in VMWare I started
scanning the WinXP box (with SP3 but without latest updates). When I turn off the Windows firewall Nessus shows me a lot of vulnerabilities and
I am able to play around with metasploit and connect to the box. With firewall on I only can see that IP forwarding is enabled. NMap only shows me
that the 1000 scanned ports are filtered and OS detection also doesn't work properly.
I'm wondering if it is possible to bypass an active Windows firewall by taking advantage of IP forwarding or other methods to search for vulnerabilities.
I've been looking around for good papers or threads for hours but there was nothing useful to find.

I'm using BT5RC3 x64.

Hope you can point me to the right direction,

best regards