I have a NW6.0 SBS with BM3.8 all patched up to what currently exists
today (including the NSS4B patch). There are three NICs (Pri01, Pri02,
PUBLIC). I want the usual filters and exceptions between PUBLIC to/from
Pri01, Pri02. I want NO filtering between Pri01 and Pri02.

Through iManager in the Packet Forwarding Exceptions I set up (what I
thought) was an exception for <any> "service type" with source <Pri01>
and destination <Pri02>; and likewise another exception for <any>
"service type" with source <Pri02> and destination <Pri01>.
I checked in FILTCFG and two exceptions have been added.

With filters loaded:
In a Windows explorer on either Pri01 or Pri02, a user selects the CIFS
server (on the BM box) and gets "Destination Host unreachable..."

With filters unloaded (unload ipflt):
In a Windows explorer on either Pri01 or Pri02, a user selects the CIFS
server (on the BM box) and sees all the shares and can map drive letters
to them.

With filters unloaded (unload ipflt):
A user maps a drive letter to a CIFS share and starts a long file
transfer. While this is going on I reload the filters (load ipflt).
The file transfer continues uninterrupted. However, the other users
again get the "Destination Host unreachable..." when trying to browse to
the CIFS shares.

Questions:
Are the two exceptions I created the proper way to allow all traffic of
any kind to move between Pri01 and Pri02?

Why does the established windows connection to the CIFS server (on the
BM box) remain valid when I reload the filters even though another
Windows box can not make a new connection?

What filter exceptions do I need to let users on Pri01 and Pri02 use the
CIFS shares on the BM box?

Thanks

Bob