The first step is to get your first virtual machine (for me, Suspiria) on the Internet. You'll want to configure your second NIC, which for most will be eth2 but for some of you may be different if I had to make virtual hardware changes. My configuration on Suspiria looks like this... root@suspiria:~# cat /etc/network/interfaces # This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). # The loopback network interface auto lo iface lo inet loopback # The primary network interface auto eth1 iface eth1 inet static address 192.168.122.1 netmask 255.255.255.0 # The one for NAT through shasta auto eth2 iface eth2 inet static address 192.168.1.122 netmask 255.255.255.0 gateway 192.168.1.1 Your /etc/resolv.conf is probably already configured with the DNS servers for the CS department (this is some voodoo that happened when I did the install of Ubuntu with NAT so I could download the updates), but you'll need to edit /etc/network/interfaces and reboot to create the eth2 link, which goes to shasta that is willing to do Network Address Translation masquerading for you. The gateway in this case, 192.168.1.1, is shasta. Note that eth1 has no gateway, eth1 only is connected to the other virtual machine. Be sure to make your address on tapnat 192.168.1.? where ? is the same number as you used for your network number for your group. This way we won't have IP address conflicts. Now that the first VM is on the Internet, let's set it up as a gateway so the other virtual machine can connect to the Internet through it. We'll follow the "ufw Masquerading" instructions from this link: https://help.ubuntu.com/10.04/serverguide/C/firewall.html First, edit /etc/default/ufw to make the default policy for forwarding packets to be ACCEPT, by making the appropriate rule look like this: DEFAULT_FORWARD_POLICY="ACCEPT" Then edit /etc/ufw/sysctl.conf to enable IP forwarding, by uncommenting the line, "net/ipv4/ip_forward=1". This change will only apply after reboot, so if you don't want to reboot you can also change directories to /proc/sys/net/ipv4/ and as root do the command "echo 1 > ip_forward". Sudo won't work for this, you need a root shell, by doing "sudo su -". Then you need to edit the firewall rules in "/etc/ufw/before.rules". for Suspiria it looks like this: # # rules.before # # Rules that should be run before the ufw command line added rules. Custom # rules should be added to one of these chains: # ufw-before-input # ufw-before-output # ufw-before-forward # # nat Table rules *nat :POSTROUTING ACCEPT [0:0] # Forward traffic from eth1 through eth2. -A POSTROUTING -s 192.168.122.0/24 -o eth2 -j MASQUERADE # don't delete the 'COMMIT' line or these nat table rules won't be processed COMMIT # Don't delete these required lines, otherwise there will be errors *filter :ufw-before-input - [0:0] :ufw-before-output - [0:0] :ufw-before-forward - [0:0] :ufw-not-local - [0:0] # End required lines # allow all on loopback -A ufw-before-input -i lo -j ACCEPT -A ufw-before-output -o lo -j ACCEPT # Allow SSH -A ufw-before-input -p tcp --dport 22 -j ACCEPT -A ufw-before-output -p tcp --sport 22 -j ACCEPT # quickly process packets for which we already have a connection -A ufw-before-input -m state --state RELATED,ESTABLISHED -j ACCEPT -A ufw-before-output -m state --state RELATED,ESTABLISHED -j ACCEPT ... I simply added rules for NAT forwarding and for SSH. Make sure you add the accept rules for SSH, otherwise when you turn on the ufw firewall you'll no longer be able to SSH to that VM (the console via port forwarding will still work, though, so you can always fix it). Also, in the future, when you're setting up other services like iperf, keep in mind that the firewall is now enabled so you need to punch holes in it to do things. Now do... root@suspiria:/etc/ufw# ufw disable && ufw enable Now make sure your second VM is setup to use the first as a gateway. In my case Woods looks like this... root@woods:~# cat /etc/network/interfaces # This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). # The loopback network interface auto lo iface lo inet loopback # The primary network interface auto eth1 iface eth1 inet static address 192.168.122.2 netmask 255.255.255.0 gateway 192.168.122.1 Also configure ufw and enable it on your second VM. Be sure to put a hole in the firewall for SSH. Now, once both machines are on the Internet, use tcpdump to figure out how NAT works. You'll want to use the -nnn option and take a look at the port numbers for both interfaces on your first VM. Also test your ufw firewall. You can use nc to listen and connect on arbitrary ports and pass text back and forth. Convince yourselves that you understand how everything we just set up works, or ask myself or one of the TAs to explain part you don't understand. You'll need to thoroughly understand all of this in order to do lab 1, so playing around with your network after you've conifugred it is highly encouraged.