1. Are these subnets on the same network segment or different network interfaces? 2. Are you trying to ping based on hostnames or IP's? 3. INTIF/EXTIF corresponds to what network IP subnets? 4. What gets dumped to the Logs? In all likelihood it will show you exactly what the problem is. The ICMP pings should work the same between Linux and Windows so I don't see the 'visibility' the firewall allows as the issue. I can only assume that your Windows machines are not configured the same way as your Linux machine (192.168.3.15). Could this be a subnet masking problem? Try tracert from 192.168.1.19 to the machines tried and see if they both take the paths that they should be.
