Despite having limited experience I look after a small business network. We use an IPCop firewall and on our internal network we have a Centos3 Fileserver and half a dozen linux desktops connected by nfs and a printer running IPP on port 631.

A short while ago, after the office was emptied and only the file server was running, I noticed a lot of activity on the firewall. Running ethereal on the file server gave me a stream of reports like the following. On our network 192.168.20.20 is the file server and 192.168.20.10 is the firewall's internal interface.
No. Time Source Destination Protocol Info
1934 306.961029 192.168.20.20 192.168.20.10 TCP 60214 > microsoft-ds [ACK] Seq=761 Ack=7736 Win=20440 Len=0

Frame 1934 (54 bytes on wire, 54 bytes captured)
Arrival Time: Jul 20, 2006 23:33:13.806652000
Time delta from previous packet: 221.129479000 seconds
Time since reference or first frame: 306.961029000 seconds
Frame Number: 1934
Packet Length: 54 bytes
Capture Length: 54 bytes
Protocols in frame: eth:ip:tcp
Coloring Rule Name: TCP
Coloring Rule String: tcp

Why would a linux file server be sending TCP smb packets to the firewall?

Could someone enlighten me?
Thanks indeed

Probaly because you are running Samba on the Linux server. Samba is designed to allow one to do smb shares with MS-Windoze so you can mount Windows exports to Linux and vice versa. It certainly does smb traffic.