Can you give us a closer look to your rules concerning port 135:139 than your overview? Maybe something is missing there. Is logging enabled on your firewall? And if: Can you give us a look on the rejected packets when you're trying to connect with a samba client?
Regards
Ralf
the only DENY looks like this: Packet log: input DENY eth1 PROTO=17 200.1.1.1:138 200.1.1.255:138 L=241 S=0x00 I=0 F=0x4000 T=64 (#6) 200.1.1.1 is my samba-host. There are no denys from one of the clients ip's. First rule: ACCEPT udp ------ 200.1.1.0/24 200.1.1.1 * -> 137:139 and ACCEPT udp ------ 0.0.0.0/0 200.1.1.1 * -> 135:139 and ACCEPT tcp -y--l- 0.0.0.0/0 200.1.1.1 * -> 135:139 doesn't work... only when adding this rule: ACCEPT udp ---- 0.0.0.0/0 0.0.0.0/0 *->137:139 everythink works but udp port 137:139 is open for world! anybody need more information?