If you have iptables configured as a stateful inspection firewall, this is not so simple. You need to find a way to sync the connection tracking table of both (all) machines. This is what ct_sync is for. Furthermore, you will need a way to detect when it's failover time. keepalived from the Linux Virtual Server Project is an option.
Out-of-the-box solutions for this don't exist. I've used such a setup in a lab environment and it seems fine. However, the ct_sync code is still rather experimental and subject to change, so I wouldn't use it in a production environment yet.
*BSD has had the ability to sync connection tracking tables for quite a while longer (using pfsync). For now this might be the safer option.