Correct me if I'm wrong, but don't you need the broadcast address 200.1.1.255 for the udp ports? Try opening up only this address for port 137 and 138 and everything should work. (Not tested, actually I'm out of reach of a system to test it.)
HTH
Ralf
Can you give us a closer look at your rules concerning port 135:139 than your overview? Maybe something is missing there. Is logging enabled on your firewall? And if so, can you give us a look at the rejected packets when you're trying to connect with a samba client?
Regards
Ralf
the only DENY looks like this:
Packet log: input DENY eth1 PROTO=17 200.1.1.1:138 200.1.1.255:138 L=241 S=0x00 I=0 F=0x4000 T=64 (#6)
200.1.1.1 is my samba-host. There are no denies from any of the clients' IPs.
First rule:
ACCEPT udp ------ 200.1.1.0/24 200.1.1.1 * -> 137:139
and
ACCEPT udp ------ 0.0.0.0/0 200.1.1.1 * -> 135:139
and
ACCEPT tcp -y--l- 0.0.0.0/0 200.1.1.1 * -> 135:139
doesn't work...
only when adding this rule:
ACCEPT udp ---- 0.0.0.0/0 0.0.0.0/0 *->137:139
everything works, but udp port 137:139 is open for world!
anybody need more information?
* * Ralf 'coko' Koch * mailto:info@formel4.de * --- Windows-Error: Mouse not found - A mouse driver hasn't been installed. Please click the left mouse button to continue.
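
An added example, not part of the thread: a small Python model that parses the DENY log line quoted above and checks it against the three posted ACCEPT rules, a narrow broadcast rule, and the catch-all rule. The `BROADCAST` rule and the helper names are assumptions made for illustration; matching covers only protocol, source, destination and destination port, not TCP flags or interface.

```python
import ipaddress
import re

# Log line quoted in the thread (ipchains packet log format).
LOG = ("Packet log: input DENY eth1 PROTO=17 200.1.1.1:138 "
       "200.1.1.255:138 L=241 S=0x00 I=0 F=0x4000 T=64 (#6)")
LOG_RE = re.compile(
    r"Packet log: \S+ \S+ \S+ PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):\d+ (?P<dst>[\d.]+):(?P<dport>\d+)")
PROTO = {"tcp": 6, "udp": 17}

def parse_log(line):
    """Extract protocol, source, destination and destination port."""
    m = LOG_RE.search(line)
    if not m:
        raise ValueError("not an ipchains packet log line")
    return {"proto": int(m["proto"]),
            "src": ipaddress.ip_address(m["src"]),
            "dst": ipaddress.ip_address(m["dst"]),
            "dport": int(m["dport"])}

def rule(proto, src, dst, lo, hi):
    return (PROTO[proto], ipaddress.ip_network(src),
            ipaddress.ip_network(dst), lo, hi)

def matches(r, pkt):
    proto, src, dst, lo, hi = r
    return (pkt["proto"] == proto and pkt["src"] in src
            and pkt["dst"] in dst and lo <= pkt["dport"] <= hi)

def accepted(rules, pkt):
    return any(matches(r, pkt) for r in rules)

# The three ACCEPT rules from the post: destination is the host address only.
POSTED = [rule("udp", "200.1.1.0/24", "200.1.1.1/32", 137, 139),
          rule("udp", "0.0.0.0/0", "200.1.1.1/32", 135, 139),
          rule("tcp", "0.0.0.0/0", "200.1.1.1/32", 135, 139)]
# Assumed narrow rule: local subnet -> broadcast address, udp 137:138.
BROADCAST = rule("udp", "200.1.1.0/24", "200.1.1.255/32", 137, 138)
# The catch-all rule from the post that leaves the ports open to the world.
WORLD = rule("udp", "0.0.0.0/0", "0.0.0.0/0", 137, 139)

if __name__ == "__main__":
    pkt = parse_log(LOG)
    print("posted rules accept it:  ", accepted(POSTED, pkt))
    print("plus broadcast rule:     ", accepted(POSTED + [BROADCAST], pkt))
    print("plus catch-all rule:     ", accepted(POSTED + [WORLD], pkt))
```

The logged packet goes to 200.1.1.255, which none of the posted rules name as a destination; the narrow rule matches it while still rejecting the same datagram from a source outside 200.1.1.0/24.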