LinuxQuestions.org
Old 05-04-2004, 02:34 AM   #1
spede
LQ Newbie
 
Registered: Sep 2003
Posts: 7

Rep: Reputation: 0
Question Iptables blocking all traffic on other NIC


I have a little problem with my Debian and iptables. I installed another NIC in my server (3com 3c905b) and all worked fine when I turned on iptables. Traffic goes through both NICs for a couple of hours, and after that iptables blocks all traffic from the installed 3c905b.
Both cards are 3com 3c905b and they get their IPs from DHCP. Can someone say what would help with this problem?

Edit: Now it started to work and I didn't do anything.
Let's see how long it works now.

Edit2: Now it blocks all traffic again. Who knows how I can fix this problem?

Edit3: IP works now, but I don't know for how long. When it works, it works for 1-2 hours and then all traffic goes down for 3-4 hours. What can cause this?

Last edited by spede; 05-04-2004 at 12:00 PM.
 
Old 05-04-2004, 09:19 PM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Doesn't sound like the firewall unless you have the IP addresses hard-coded into the iptables script. Sounds more like a DHCP or routing+DHCP issue. See if the outages coincide with the system getting a new IP address lease.
 
Old 05-05-2004, 10:38 AM   #3
spede
LQ Newbie
 
Registered: Sep 2003
Posts: 7

Original Poster
Rep: Reputation: 0
Now it is sure that the firewall is not blocking traffic. I ran tcpdump on eth1 and it says this when something starts to block traffic:

18:24:03.131958 80.223.XXX.XXX.3703 > 80.223.1XX.XXX.135: S 3837510325:3837510325(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
18:24:06.059505 80.223.XX.XXX.3703 > 80.223.1XX.XXX.135: S 3837510325:3837510325(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
18:24:12.068381 80.223.XXX.XXX.3703 > 80.223.1XX.XXX.135: S 3837510325:3837510325(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
18:24:28.584656 62.73.33.48.6667 > 80.223.1XX.XXX.33272: FP 0:108(108) ack 1 win 2896 <nop,nop,timestamp 539259193 2156662> (DF)
18:24:37.867088 80.223.1XX.XXX > 80.223.1XX.XXX: icmp: echo request
18:25:24.138067 80.223.1XX.XXX.4014 > 80.223.1XX.XXX.445: S 3881765756:3881765756(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
18:25:27.095391 80.223.1XX.XXX.4014 > 80.223.1XX.XXX.445: S 3881765756:3881765756(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
18:25:29.034455 81.35.129.147.3318 > 80.223.1XX.XXX.135: S 2524344233:2524344233(0) win 16384 <mss 1452,nop,nop,sackOK> (DF)
18:25:32.584186 62.73.33.48.6667 > 80.223.1XX.XXX.33272: FP 0:108(108) ack 1 win 2896 <nop,nop,timestamp 539265593 2156662> (DF)
18:25:32.816215 81.35.129.147.3318 > 80.223.1XX.XXX.135: S 2524344233:2524344233(0) win 16384 <mss 1452,nop,nop,sackOK> (DF)

Does this say anything to anyone?
Edit: Those don't come when there is traffic on eth1.

Last edited by spede; 05-05-2004 at 11:09 AM.
 
Old 05-05-2004, 05:37 PM   #4
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
I'd guess that it looks like the packets are going off to nowhere, like the host is down or not responding (like if it had a new IP). Though it is very hard to tell what is going on because you didn't tell us what we are looking at (i.e. which machines have what IP; there are at least 4 different IPs). You smartly masked the IPs for the 80.223.1 machines, but we cannot readily distinguish one from the other. What we do see is a number of SYN packets being sent and re-sent and an ICMP echo request, but no ACKs or ICMP reply coming from either 80.223.1.

When you see this happening, look at the IP addresses assigned to the various machines/cards and compare that with the packets. It might also be helpful to repost the above (or just edit it) and include an explanation of what the IPs correspond to and what is generating traffic, etc.

You might also just want to turn off your firewall temporarily when a disruption occurs, just to completely rule it out.

Last edited by Capt_Caveman; 05-05-2004 at 05:38 PM.
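
Added example, not part of the original posts: one way to do the check described in post #4, listing every SYN or ICMP echo request in a capture that never got anything back from its destination. The sample capture is constructed in the thread's tcpdump text format using documentation addresses (192.0.2.10 stands in for the server's eth1 address), and the function name `unanswered` is an assumption of this example.

```python
import re
from collections import defaultdict

LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d+ (\S+) > (\S+): (.*)$")
PURE_SYN = re.compile(r"^S \d+:\d+\(0\) win ")  # SYN without ack, i.e. not a SYN-ACK

# Constructed capture in the thread's tcpdump format, using documentation
# addresses: 192.0.2.10 stands in for the server's eth1 address.
SAMPLE = """\
18:24:03.131958 198.51.100.7.3703 > 192.0.2.10.135: S 3837510325:3837510325(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
18:24:06.059505 198.51.100.7.3703 > 192.0.2.10.135: S 3837510325:3837510325(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
18:24:12.068381 198.51.100.7.3703 > 192.0.2.10.135: S 3837510325:3837510325(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
18:24:37.867088 192.0.2.1 > 192.0.2.10: icmp: echo request
18:25:01.000100 203.0.113.5.4100 > 192.0.2.10.22: S 100:100(0) win 5840 <mss 1460> (DF)
18:25:01.000300 192.0.2.10.22 > 203.0.113.5.4100: S 900:900(0) ack 101 win 5792 <mss 1460> (DF)
"""

def unanswered(capture):
    """Map (src, dst) -> attempts for SYNs and echo requests that got no reply."""
    attempts = defaultdict(int)
    seen = set()  # every (src, dst) direction present in the capture
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped continuation lines or other noise
        src, dst, rest = m.groups()
        seen.add((src, dst))
        if PURE_SYN.match(rest) or rest.startswith("icmp: echo request"):
            attempts[(src, dst)] += 1
    # A flow counts as answered if anything at all came back the other way.
    return {f: n for f, n in attempts.items() if (f[1], f[0]) not in seen}

if __name__ == "__main__":
    for (src, dst), n in sorted(unanswered(SAMPLE).items()):
        print(f"{src} -> {dst}: {n} attempt(s), no reply seen")
```

tcpdump sees inbound packets before iptables filters them, so SYNs to a port the firewall silently drops show up as unanswered just as they would for a dead host. Unanswered echo requests, or unanswered SYNs to a port the server is meant to offer, are the entries that point at a real outage.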
 
  

