SUSE firewall blocks Windows PCs on my LAN

Posted on 2006-04-08
Last Modified: 2010-04-22
I have a small LAN with mixed Windows XP and Suse Linux 10.0 installations.  If I turn off the Suse firewall I can see my Windows PCs when I browse the network on the Suse side.  If I turn on the firewall, browsing the LAN fails.

I have tried many different settings using YAST but don't really know what settings I should have to permit browsing of other machines on my LAN.  All the PCs connect to a router with a 192.168.1.x address.  The external connection is firewalled and my internet connection works normally.  It's just the LAN that I can't configure properly.

Step by step instructions would be appreciated.

Question by:Bloodrule
    LVL 51

    Expert Comment

    Don't know how YAST provides the settings used for iptables (firewall), but you need to allow the following ports:
      137 netbios-ns
      138 netbios-dgm
      139 netbios-ssn
      445 microsoft-ds (if used)
    best for UDP and TCP
    LVL 1

    Accepted Solution

    I think the best way is to turn off the firewall rules set by Suse and build your own firewall.
    Yast is another graphical interface for configuring your firewall using "iptables", but you can use the command.
    Here is a good website for starters
    Basically you need to enable ports 137, 138, 139 and 445 if you share the same domain name server.


    Author Comment

    I actually solved my own problem (trial and error) with these steps:

    YAST/Security & Users/Firewall/Interfaces/Custom String/Internal Zone set to "any"

    Thanks for your helpful suggestions.
    LVL 7

    Expert Comment

    > YAST/Security & Users/Firewall/Interfaces/Custom String/Internal Zone set to "any"

    Well done! Your firewall is obsolete now. Just not starting it would be the same...
    You really _want_ to understand what you are doing! So you should consider spending some hours on Zentoo's recommendation...



    Author Comment

    I see.  I appreciate your advice but could have done without the sarcasm.
    LVL 7

    Expert Comment

    I apologize if my posting was a little bit too sarcastic - it definitely wasn't meant to be offensive. Nice to see that you really seem to want to get deeper into that topic.
    In addition to Zentoo's link, these might also be useful for you:


    Author Comment

    Apology definitely accepted!  Thank you.  I am not a power user (certainly not in Unix) but have been an enthusiast for 20 years and only had my first look at Linux in the past few weeks.  As soon as I read your post I could see that I had indeed effectively switched off the firewall and your suggestion that I inform myself better was quite right.  Thanks for the additional link and I am working through the long article suggested by Zentoo.

    Thanks for coming back to me - I appreciate it.
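
Added example, not part of the original thread: a narrower alternative to setting the internal zone to "any" is to open only the ports the experts listed, and only to the LAN subnet. The script prints the iptables commands instead of applying them; the INPUT chain, the function name and the 192.168.1.0/24 subnet (taken from the 192.168.1.x addressing in the question) are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): print, rather than apply, iptables
# rules that open the Windows networking ports to one LAN subnet only.

smb_lan_rules() {
    lan="$1"                # trusted subnet in CIDR form
    chain="${2:-INPUT}"     # assumed chain name; adjust to your rule set

    # Accept only a dotted-quad CIDR with a prefix of 1-32. Rejecting "any"
    # and /0 keeps the rules from degrading into "trust every source".
    # (Octet ranges are not checked; iptables itself rejects bad addresses.)
    if ! printf '%s\n' "$lan" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([1-9]|[12][0-9]|3[0-2])$'; then
        echo "refusing source '$lan': need a LAN subnet such as 192.168.1.0/24" >&2
        return 1
    fi

    # Services named in the thread, each on the protocol it normally uses:
    # netbios-ns, netbios-dgm, netbios-ssn, microsoft-ds.
    for svc in udp:137 udp:138 tcp:139 tcp:445; do
        proto=${svc%%:*}
        port=${svc##*:}
        echo "iptables -A $chain -s $lan -p $proto --dport $port -j ACCEPT"
    done

    # Replies to a broadcast name query arrive as unicast from port 137 and
    # are not matched as ESTABLISHED by connection tracking, so browsing
    # from this host needs them admitted explicitly (LAN sources only).
    echo "iptables -A $chain -s $lan -p udp --sport 137 -j ACCEPT"
}

# Constructed sample input: the 192.168.1.x network from the question.
smb_lan_rules 192.168.1.0/24
```

Review the printed rules before running them as root, and place them ahead of any final DROP or REJECT rule in the chain.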

