LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Old 07-21-2005, 05:58 AM   #1
Iptables_NEWBIE
LQ Newbie
 
Registered: Jul 2005
Location: sengkang
Posts: 10

Rep: Reputation: 0
Iptables help!!!

Is there any iptables script with a failover function?
We have two desktops as firewalls and want to provide redundancy..
Anyone able to help???
 
Old 07-21-2005, 01:37 PM   #2
demian
Member
 
Registered: Apr 2001
Location: Bremen, Germany
Distribution: Debian
Posts: 303

Rep: Reputation: 30
If you have iptables configured as a stateful inspection firewall this is not so simple. You need to find a way to sync the connection tracking table of both (all) machines. This is what ct_sync is for. Furthermore you will need a way to detect when it's failover time. keepalived from the Linux Virtual Server Project is an option.

Out-of-the-box solutions for this don't exist. I've used such a setup in a lab environment and it seems fine. However, the ct_sync code is still rather experimental and subject to change. So I wouldn't use it in a production environment yet.

*BSD has been able to sync connection tracking tables for quite a while longer (using pfsync). For now this might be the safer option.
 
Old 07-21-2005, 05:48 PM   #3
tkedwards
Senior Member
 
Registered: Aug 2004
Location: Munich, Germany
Distribution: Opensuse 11.2
Posts: 1,549

Rep: Reputation: 52
At my company we replaced the main router for the network (an old Cisco router) with 2 identical Linux machines. They use the heartbeat software (http://www.linux-ha.org/HeartbeatProgram) to work out if the other machine is still up. If one machine goes down the other will detect that (they are linked together by crossover ethernet cable and by serial cable) and will assume the role of primary machine.

The way it all works is that each machine has separate IP addresses; in our case, e.g., they appear on the LAN as 192.168.1.252 and 192.168.1.253. There is a 3rd heartbeat-managed IP which belongs to whichever machine is primary at the moment. The third IP is 192.168.1.254, so we can just point machines on our LAN to that IP as the default gateway and it will be whatever machine is the primary machine for heartbeat at that time.
 
Old 07-21-2005, 11:03 PM   #4
Iptables_NEWBIE
LQ Newbie
 
Registered: Jul 2005
Location: sengkang
Posts: 10

Original Poster
Rep: Reputation: 0
Quote:
Originally posted by tkedwards
At my company we replaced the main router for the network (an old Cisco router) with 2 identical Linux machines. They use the heartbeat software (http://www.linux-ha.org/HeartbeatProgram) to work out if the other machine is still up. If one machine goes down the other will detect that (they are linked together by crossover ethernet cable and by serial cable) and will assume the role of primary machine.

The way it all works is that each machine has separate IP addresses; in our case, e.g., they appear on the LAN as 192.168.1.252 and 192.168.1.253. There is a 3rd heartbeat-managed IP which belongs to whichever machine is primary at the moment. The third IP is 192.168.1.254, so we can just point machines on our LAN to that IP as the default gateway and it will be whatever machine is the primary machine for heartbeat at that time.
I have downloaded heartbeat before... but I'm having trouble configuring it... Can you advise me how to configure it???

Thanks for your help
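A starting point for the heartbeat configuration asked about here, modelled on the topology tkedwards describes: two firewalls with their own LAN addresses (192.168.1.252 and .253), a heartbeat-managed gateway address 192.168.1.254, a crossover ethernet link for heartbeat traffic and a serial link as a second path. This is an added example, not code from the thread or from the Linux-HA project. The node names fw1/fw2, the interface names eth0 (LAN) and eth1 (crossover), the serial device /dev/ttyS0, the output directory and the shared secret are assumptions; the three files follow the classic heartbeat v1 layout (ha.cf, haresources, authkeys), and the check function verifies the two consistency points that most often stop heartbeat from starting.

```shell
#!/bin/sh
# Generate and sanity-check a heartbeat (linux-ha.org, v1-style) configuration
# for a two-node firewall pair with one floating gateway address.
# Added example; node names, interfaces, serial device and secret are assumed.
#
# gen_heartbeat_conf OUTDIR NODE1 NODE2 VIP/PREFIX LAN_IF HB_IF SERIAL_DEV SECRET
gen_heartbeat_conf() {
    outdir=$1; node1=$2; node2=$3; vip=$4
    lan_if=$5; hb_if=$6; serial_dev=$7; secret=$8
    mkdir -p "$outdir"

    # ha.cf: who is in the cluster and how the nodes hear each other.
    # Node names must match `uname -n` on each machine. Two heartbeat paths
    # (broadcast on the crossover link plus the serial line) avoid a split
    # brain when a single cable fails.
    cat > "$outdir/ha.cf" <<EOF
logfacility local0
keepalive 2
deadtime 10
warntime 5
initdead 60
udpport 694
bcast $hb_if
serial $serial_dev
baud 19200
auto_failback on
node $node1
node $node2
EOF

    # haresources: the floating gateway IP and its preferred owner.
    # IPaddr::<ip>/<prefix>/<interface> brings the address up on LAN_IF
    # on whichever node is currently primary.
    cat > "$outdir/haresources" <<EOF
$node1 IPaddr::$vip/$lan_if
EOF

    # authkeys: shared secret that authenticates heartbeat messages so a
    # third host on the link cannot inject a bogus "I am primary".
    # heartbeat refuses to start unless this file is mode 0600.
    ( umask 077; cat > "$outdir/authkeys" <<EOF
auth 1
1 sha1 $secret
EOF
    )
    chmod 600 "$outdir/authkeys"
}

# check_heartbeat_conf OUTDIR  -> 0 if consistent, 1 otherwise
check_heartbeat_conf() {
    outdir=$1
    # authkeys must be 0600 (stat -c is GNU coreutils syntax)
    [ "$(stat -c %a "$outdir/authkeys")" = "600" ] || return 1
    grep -qx 'auth 1' "$outdir/authkeys" || return 1
    # the resource owner named in haresources must be a declared node
    owner=$(awk 'NR==1 {print $1}' "$outdir/haresources")
    grep -qx "node $owner" "$outdir/ha.cf" || return 1
    return 0
}

# Example invocation with constructed values matching the thread's topology.
# Copy the resulting files, unchanged, to /etc/ha.d on both nodes.
gen_heartbeat_conf "${TMPDIR:-/tmp}/ha.d-example" fw1 fw2 192.168.1.254/24 \
    eth0 eth1 /dev/ttyS0 ExampleSharedSecret-CHANGE-ME
check_heartbeat_conf "${TMPDIR:-/tmp}/ha.d-example" \
    && echo "consistent: see ${TMPDIR:-/tmp}/ha.d-example"
```

The three files must be byte-identical on both nodes, and the secret in authkeys is the only thing stopping another host on the heartbeat link from claiming the primary role, so treat it like a password. Note also demian's point above: this moves the gateway address, but it does not move the iptables connection tracking table, so on a stateful firewall the connections that were established through the old primary are dropped at failover unless the conntrack state is synced separately.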
 
All times are GMT -5. The time now is 08:25 PM.