SUSE firewall blocks Windows PC's on my LAN

I have a small LAN with mixed Windows XP and Suse Linux 10.0 installations.  It I turn off the Suse firewall I can see my Windows PC's when I browse the network on the Suse side.  If I turn on the firewall, browsing the LAN fails.

I have tried many different settings using YAST but don't really know what settings I should have to permit browsing of other machines on my LAN.  All the PC's connect to a router with a 192.168.1.x address.  The external connection is firewalled and my internet connection works normally.  It's just the LAN that I can't configure properly.

Step by step instructions would be appreciated.

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

don't know how YAST provides the settings used for iptables (firewall), but you need to allow following ports:
  137 netbios-ns
  138 netbios-dgm
  139 netbios-ssn
  445 microsoft-ds (if used)
best for UDP and TCP
I think the best way is to turn off the firewall rules set by Suse and build your own firewall.
Yast is another graphic interface way to config your firewall using "iptables" but you can use the command.
Here is a good website for starter
Basicly you need to enable port 137, 138, 139 and 445 if you share the same domain name sever.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
BloodruleAuthor Commented:
I actually solved my own problem (trial and error) with these steps:

YAST/Security & Users/Firewall/Interfaces/Custom String/Internal Zone set to "any"

Thanks for your helpful suggestions.
Active Protection takes the fight to cryptojacking

While there were several headline-grabbing ransomware attacks during in 2017, another big threat started appearing at the same time that didn’t get the same coverage – illicit cryptomining.

> YAST/Security & Users/Firewall/Interfaces/Custom String/Internal Zone set to "any"

well done! your firewall is obsolete now. Just not starting it would be the same...
You really _want_ to understand what you are doing! So you should consider to spend some hours on Zentoo's recommendation...


BloodruleAuthor Commented:
I see.  I appreciate your advice but could have done without the sarcasm.
I apologize when my posting was a little bit too sarcastic - it definetly wasn't meant offensive. Nice to see, that you really seem to want to get deeper into that topic.
Additional to Zentoo's link, these might also be useful for you:

BloodruleAuthor Commented:
Apology definitely accepted!  Thank you.  I am not a power user (certainly not in Unix) but have been an enthusiast for 20 years and only had my first look at Linux in the past few weeks.  As soon as I read your post I could see that I had indeed effectively switched off the firewall and your suggestion that I inform myself better was quite right.  Thanks for the additional link and I am working through the long article suggested by Zentoo.

Thanks for coming back to me - I appreciate it.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux Security

From novice to tech pro — start learning today.