図4　仮想ネットワークの定義ファイル「public.xml」

＃＃
<network>
  <name>public</name>
  <bridge name='virbr2'/>
  <ip address='192.168.2.1' netmask='255.255.255.0'>
  </ip>
</network>

＃＃

図5 仮想マシンの構成変更


<interface type='network'>
      <mac address='52:54:00:62:80:8c'/>
      <source network='private'/>
      <model type='virtio'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>

    <interface type='network'>
      <source network='public'/>
      <model type='virtio'/>
    </interface>


＃＃
図6　/etc/sysconfig/network-scripts/ifcfg-eth1


DEVICE=eth1
HWADDR=52:54:00:3E:55:4C
BOOTPROTO=static
IPADDR=192.168.2.254
NETMASK=255.255.255.0
NM_CONTROLLED=no
ONBOOT=yes

＃＃
図7　/etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0
HWADDR=52:54:00:09:4C:AE
BOOTPROTO=static
IPADDR=192.168.2.100
NETMASK=255.255.255.0
GATEWAY=192.168.2.254
NM_CONTROLLED=no
ONBOOT=yes


＃＃
図8　/etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
HWADDR=52:54:00:AA:63:4C
BOOTPROTO=static
IPADDR=192.168.122.100
NETMASK=255.255.255.0
NM_CONTROLLED=no
ONBOOT=yes

＃＃

＃＃
図11　nat01の/etc/sysconfig/iptables（抜粋）
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.2.100 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -p udp -m udp --dport 69 -j ACCEPT

この行を追加


＃＃
図15　/etc/sysconfig/iptables（送受信パケットの記録） 

*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -j LOG --log-prefix "[INPUT] "
-A OUTPUT -j LOG --log-prefix "[OUTPUT] "
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT