>Can you give us a closer look at your rules concerning port 135:139 than your overview? Maybe
>something is missing there.
>Is logging enabled on your firewall? And if so: can you give us a look at the rejected packets when
>you're trying to connect with a samba client?
 
>Regards
 
>Ralf
 
 
The only DENY looks like this:
 
Packet log: input DENY eth1 PROTO=17 200.1.1.1:138 200.1.1.255:138 L=241 S=0x00 I=0 F=0x4000 T=64 (#6)
 
200.1.1.1 is my samba host. There are no DENYs from any of the clients' IPs.
 
First rule:
ACCEPT     udp  ------  200.1.1.0/24         200.1.1.1             * ->   137:139
and
ACCEPT     udp  ------  0.0.0.0/0            200.1.1.1             * ->   135:139
and
ACCEPT     tcp  -y--l-  0.0.0.0/0            200.1.1.1             * ->   135:139
 
doesn't work...
 
only when adding this rule:
ACCEPT    udp    ----    0.0.0.0/0    0.0.0.0/0    *->137:139
everything works, but UDP ports 137:139 are open to the world!
 
Does anybody need more information?
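
Added example, not part of the original post: a small Python check that parses the logged DENY line and tests it against the rules quoted above (protocol, source, destination and destination port only; flags are ignored). CANDIDATE is a constructed, narrower rule used for comparison and is an assumption, not something from the thread.

```python
import ipaddress
import re

# Log line and RULES are copied from the post above.
LOG = ("Packet log: input DENY eth1 PROTO=17 200.1.1.1:138 200.1.1.255:138 "
       "L=241 S=0x00 I=0 F=0x4000 T=64 (#6)")
RULES = [  # (proto, source, destination, destination port range)
    ("udp", "200.1.1.0/24", "200.1.1.1", "137:139"),
    ("udp", "0.0.0.0/0", "200.1.1.1", "135:139"),
    ("tcp", "0.0.0.0/0", "200.1.1.1", "135:139"),
    ("udp", "0.0.0.0/0", "0.0.0.0/0", "137:139"),  # the "open for world" rule
]
# Constructed for comparison (assumption): LAN sources to the LAN broadcast address.
CANDIDATE = ("udp", "200.1.1.0/24", "200.1.1.255", "137:139")

PROTO = {1: "icmp", 6: "tcp", 17: "udp"}
LOG_RE = re.compile(r"Packet log: (\S+) (\S+) (\S+) PROTO=(\d+) "
                    r"([\d.]+):(\d+) ([\d.]+):(\d+)")

def parse_log(line):
    """Extract chain, target, interface, protocol and endpoints from a log line."""
    m = LOG_RE.search(line)
    if not m:
        raise ValueError("not an ipchains packet log line")
    chain, target, iface, proto, src, sport, dst, dport = m.groups()
    return {"chain": chain, "target": target, "iface": iface,
            "proto": PROTO.get(int(proto), proto),
            "src": ipaddress.ip_address(src), "sport": int(sport),
            "dst": ipaddress.ip_address(dst), "dport": int(dport)}

def matches(rule, pkt):
    """True if the packet falls inside the rule's proto/source/destination/port."""
    proto, src, dst, ports = rule
    lo, _, hi = ports.partition(":")
    return (proto == pkt["proto"]
            and pkt["src"] in ipaddress.ip_network(src)
            and pkt["dst"] in ipaddress.ip_network(dst)
            and int(lo) <= pkt["dport"] <= int(hi or lo))

def evaluate(line, rules):
    """Return one True/False per rule for the packet described by the log line."""
    pkt = parse_log(line)
    return [matches(rule, pkt) for rule in rules]

if __name__ == "__main__":
    all_rules = RULES + [CANDIDATE]
    for rule, hit in zip(all_rules, evaluate(LOG, all_rules)):
        print("match   " if hit else "no match", rule)
```

The logged packet is addressed to 200.1.1.255, so none of the rules with destination 200.1.1.1 cover it; of the quoted rules only the 0.0.0.0/0 one does.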