• Status: Solved
  • Priority: Medium
  • Security: Public

SUSE firewall blocks Windows PC's on my LAN

I have a small LAN with mixed Windows XP and Suse Linux 10.0 installations.  If I turn off the Suse firewall I can see my Windows PC's when I browse the network on the Suse side.  If I turn on the firewall, browsing the LAN fails.

I have tried many different settings using YAST but don't really know what settings I should have to permit browsing of other machines on my LAN.  All the PC's connect to a router with a 192.168.1.x address.  The external connection is firewalled and my internet connection works normally.  It's just the LAN that I can't configure properly.

Step by step instructions would be appreciated.

BR
0
Asked by: Bloodrule
1 Solution
 
ahoffmann Commented:
I don't know how YAST provides the settings used for iptables (firewall), but you need to allow the following ports:
  137 netbios-ns
  138 netbios-dgm
  139 netbios-ssn
  445 microsoft-ds (if used)
best for UDP and TCP
0
 
Zentoo Commented:
I think the best way is to turn off the firewall rules set by Suse and build your own firewall.
Yast is another graphical way to configure your firewall using "iptables", but you can use the command.
Here is a good website for starters: http://iptables-tutorial.frozentux.net/iptables-tutorial.html
Basically you need to enable ports 137, 138, 139 and 445 if you share the same domain name server.

Regards
0
 
Bloodrule (Author) Commented:
I actually solved my own problem (trial and error) with these steps:

YAST/Security & Users/Firewall/Interfaces/Custom String/Internal Zone set to "any"

Thanks for your helpful suggestions.
0

 
XoF Commented:
> YAST/Security & Users/Firewall/Interfaces/Custom String/Internal Zone set to "any"

Well done! Your firewall is obsolete now. Just not starting it would be the same...
You really _want_ to understand what you are doing! So you should consider spending some hours on Zentoo's recommendation...

regards,

-XoF-
0
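As an added example (not part of any post in this thread): a dry-run shell script that prints iptables rules opening the ports ahoffmann lists to the LAN subnet only, rather than treating every interface as internal as XoF describes. The /24 mask, the interface name `eth0`, and the function names are assumptions; the rules are meant for a hand-written ruleset whose INPUT policy is DROP.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules that allow Windows
# network browsing and file sharing from the LAN only.

LAN_NET="${LAN_NET:-192.168.1.0/24}"  # thread's 192.168.1.x; /24 is an assumption
LAN_IF="${LAN_IF:-eth0}"              # assumed name of the LAN-facing interface

valid_cidr() {
    # Shape check only (dotted quad plus prefix length), so the value
    # cannot smuggle extra shell or iptables arguments into the output.
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

smb_lan_rules() {
    net="$1"; ifc="$2"
    valid_cidr "$net" || { echo "bad network: $net" >&2; return 1; }
    case "$ifc" in
        *[!A-Za-z0-9._-]*|'') echo "bad interface: $ifc" >&2; return 1 ;;
    esac
    # NetBIOS name service (137) and datagram/browse service (138) use UDP.
    for p in 137 138; do
        echo "iptables -A INPUT -i $ifc -s $net -p udp --dport $p -j ACCEPT"
    done
    # Answers to our own broadcast name queries arrive as unicast from port 137.
    # Connection tracking cannot pair them with the broadcast, so they look NEW.
    # Caveat: this admits any UDP packet from the LAN with source port 137;
    # the netbios-ns conntrack helper is the tighter alternative.
    echo "iptables -A INPUT -i $ifc -s $net -p udp --sport 137 -j ACCEPT"
    # Session service (139) and direct-hosted SMB (445) use TCP.
    for p in 139 445; do
        echo "iptables -A INPUT -i $ifc -s $net -p tcp --dport $p -j ACCEPT"
    done
}

# Dry run with the defaults; review the output before piping it to sh as root.
smb_lan_rules "$LAN_NET" "$LAN_IF"
```

Every rule is bound to both the LAN interface and the LAN source range, so the ports stay closed on any other interface.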
 
Bloodrule (Author) Commented:
I see.  I appreciate your advice but could have done without the sarcasm.
0
 
XoF Commented:
I apologize if my posting was a little bit too sarcastic - it definitely wasn't meant to be offensive. Nice to see that you really seem to want to get deeper into that topic.
In addition to Zentoo's link, these might also be useful for you:
http://www.netfilter.org/documentation/index.html#documentation-howto

Regards,
-XoF-
0
 
Bloodrule (Author) Commented:
Apology definitely accepted!  Thank you.  I am not a power user (certainly not in Unix) but have been an enthusiast for 20 years and only had my first look at Linux in the past few weeks.  As soon as I read your post I could see that I had indeed effectively switched off the firewall and your suggestion that I inform myself better was quite right.  Thanks for the additional link and I am working through the long article suggested by Zentoo.

Thanks for coming back to me - I appreciate it.

0
