今天参考了很多前辈的优秀资料,在 RedHat AS5 上用 iptables 做 NAT 网关,并将日志远程发送到 kiwisyslog 记录。配置如下,供大家参考:
[root@localhost etc]# uname -r
2.6.18-8.el5
[root@localhost rc.d]# more rc.local
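#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.
#
# Local additions: bring up a NAT gateway. eth0 is the uplink (default
# route and SNAT leave through it), eth2 faces the internal networks that
# are reached through the router 192.168.7.2. Every new forwarded
# connection is written to the kernel log at debug level.

touch /var/lock/subsys/local

# Interface addresses. The public address is redacted ("X") in the post.
ifconfig eth0 124.161.X.X netmask 255.255.255.224
ifconfig eth2 192.168.7.1 netmask 255.255.255.0

# Default route via the uplink, internal networks via 192.168.7.2.
route add default gw 124.161.X.1
route add -net 172.17.24.0 netmask 255.255.248.0 gw 192.168.7.2
route add -net 172.18.0.0 netmask 255.255.0.0 gw 192.168.7.2
route add -net 172.24.1.0 netmask 255.255.255.0 gw 192.168.7.2
route add -net 172.25.0.0 netmask 255.255.0.0 gw 192.168.7.2
route add -net 172.26.0.0 netmask 255.255.0.0 gw 192.168.7.2
route add -net 172.27.0.0 netmask 255.255.254.0 gw 192.168.7.2
route add -net 10.16.0.0 netmask 255.255.0.0 gw 192.168.7.2

# Start from empty rule sets. "iptables -F" without -t only flushes the
# filter table, so the nat POSTROUTING chain is flushed as well; otherwise
# running this script a second time appends a duplicate SNAT rule.
iptables -F
iptables -t nat -F POSTROUTING

# Log each NEW forwarded connection. "--log-level debug" emits the record
# as a kernel message of priority debug, which is what a syslog selector
# such as "kern.=debug" matches.
# NOTE(review): the rule has no --log-prefix, so the records cannot be told
# apart from other kernel debug output on the collector; a prefix such as
# "NAT-NEW: " (constructed example) would make filtering easier.
# NOTE(review): there is no "-m limit" match. One line is produced per new
# flow, so a burst of new connections becomes a burst of log traffic; a
# limit bounds that at the cost of missing records. Decide which matters.
# NOTE(review): this is the only rule in FORWARD and no chain policy is set
# here. With the built-in ACCEPT policy the gateway forwards in both
# directions, including connections that arrive on eth0. Consider a DROP
# policy with explicit ESTABLISHED,RELATED and inside-originated NEW rules.
# INPUT is likewise left empty by the flush, so the gateway's own services
# are reachable from eth0 unless another mechanism filters them.
iptables -I FORWARD -m state --state NEW -j LOG --log-level debug

# Source-NAT everything leaving the uplink to the public address.
# "--to-source" is the full name of the option the post abbreviates as "--to".
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 124.161.X.X

# Ignore ICMP echo requests sent to broadcast addresses.
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
# Enable routing only now, after the rules above are in place.
echo "1" > /proc/sys/net/ipv4/ip_forward

# Replace the "issue" banner file with the contents of "logo".
# NOTE(review): all three paths are relative, so they resolve against the
# directory this script is started from; presumably /etc/issue and
# /etc/issue.net are meant - confirm and switch to absolute paths.
# issue.net is removed and not recreated.
rm -rf issue
rm -rf issue.net
cp logo issue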
[root@localhost etc]# more syslog.conf
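# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
# Remote logging setup: forward kernel messages of exactly debug priority
# to the remote Kiwi Syslog server at the IP address below.
# The explanation is kept on its own lines. NOTE(review): classic syslogd
# may read text after the host as part of the host name - confirm before
# putting a trailing comment back on the action line.
# NOTE(review): no selector above writes kern.debug to a local file
# (/var/log/messages starts at info), so these records exist only on the
# remote server and are lost while it is unreachable.
# NOTE(review): "@host" forwarding is plain UDP syslog, without
# authentication or encryption; keep the path to the collector on a
# trusted network segment.
kern.=debug @172.17.24.250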
[root@localhost etc]#
本文来自ChinaUnix博客,如果查看原文请点:http://blog.chinaunix.net/u3/106119/showart_2094890.html |