HA firewall providing "masquerade": SNAT the only way to go?

Hi,

I want to set up a firewall HA cluster providing SNAT/Masquerade for
clients.

From `man iptables-extensions` (1.6.1, kernel 4.19) I know that it is
not possible to specify a src addr for `-j MASQUERADE`, but `SNAT`
provides `--to-source`. And `MASQUERADE` only uses the first/primary
address of the outgoing interface, right?

So SNAT is the only option here?

Question: The cluster would run as active/backup, and in case of a
fail-over it would simply sync internal and external caches and
fail-over the secondary (virtual) address?

Are there any other options?

In case you have documentation on this topic on hand, could you send me
a link, as I was unable to find any for this particular use case :/

Thanks,
Bernd


