I recently rebuilt our firewall, it has an Intel MB which uses the eepro100 driver for eth0 and I have a DLink quad ethernet using the sundance driver.

I am using iptables of Fedora Core 1.

I have been finding that after running for an undetermined period of time, traffic across eth0 stops. Nothing is logged to indicate a problem it just doesn't go anymore. eth1-4 still work fine.

Rebooting the firewall box restores service.

I have searched for similiar scenarios but unfortunately it is difficult to know what question to ask. I am suspecting a problem with IPTABLES.

To solve this problem we will have to determine what is working and what is not.
When your box stop working, what is and is not working then?
Can you ping your eth0 from that machine?
What does ifconfig say? Is eth0 up and having an IP?
How does your routing table look? route
Is IPv4 forwarding still active? cat /proc/sys/net/ipv4/ip_forward (should return 1)

Nothing on the 192.168.1/24 can ping the interface and from the firewall box, I can't ping any of the others but the 192.168.1/24 machines can still ping each other. As far as I can see that pretty well nails the problem as being on the firewall.

eth0 has its IP 192.168.1.254 and is up.
ip_forwarding is set and is working fine between the other 4 interfaces.
the routing tables look fine. I forgot to include in my original post that I am running quagga ( zebra and bgpd ) but dont think it is relevant.

I came across a post that sounded a bit similiar and the solution for that person was to turn off all of the iptables rules and then turn them on again i.e. service iptables restart. I haven't tried this yet as the failure takes a while to occur, 3 weeks between the last two occurances.

You are correct, at this time I don't really know what is broken. It could be a problem with the eepro100 driver and this Manboard, it could be an iptables issue, it could be something else entirely :-(

What kind of error do you encounter when the eth0 stop working?
You still have link on the NIC?
Are the firewall rules the same when the machine is working as it is when it's not?

Make printout of your iptables settings when it's working and compare. Pay special attention to the INPUT and OUTPUT chains.

From the firewall box cant you ping any interface or host? What so ever.
If not I would bet on the firewall blocking something in the INPUT or OUTPUT chain. These chain aren't traversed for forwarded packets, host to host on your DLink card.

No error is reported by the kernel or anything else that I can find.
Electrically, the link is still up. The led on the NIC socket is on.

No changes have been made to the iptables rules. I have a pretty stable rule set, it is a little messy because of the topology but other than this mysterious problem it works fine. I have checked the rules and I am not using INPUT or OUTPUT only FORWARD and POSTROUTING in the nat table.