独立したネットワークにVMをたててインターネットに接続できるようにする．

NAPT

/etc/netplan/00-installer-config.yaml

# This is the network config written by 'subiquity'
network:
  ethernets:
    ens160:
      addresses:
      - 192.168.20.2/24
      nameservers:
        addresses: []
        search: []
    ens192:
      addresses:
      - 10.204.227.167/24
      gateway4: 10.204.227.2
      nameservers:
        addresses:
        - 10.200.70.35
        search: []
  version: 2

VM側

/etc/netplan/00-installer-config.yaml

network:
  ethernets:
    ens160:
      addresses:
      - 192.168.20.5/24
      routes:
      - to: 0.0.0.0/0
        via: 192.168.128.2
      nameservers:
        addresses:
        - 10.200.70.35
        search: []
  version: 2

参考にした記事 - ufwでNATとポートフォーワード -

NPT側

/etc/netplan/00-installer-config.yaml

network:
  ethernets:
    ens34:
      dhcp4: true
    ens37:
      dhcp4: false
      addresses: [192.168.128.1/24]
  version: 2

/etc/default/ufw

- DEFAULT_FORWARD_POLICY="DROP"
+ DEFAULT_FORWARD_POLICY="ACCEPT"

追記する

/etc/ufw/sysctl.conf

net/ipv4/ip_forward=1

追記する．*filterの上に書く (外側から内側は解明できていないためコメントアウト：というより独立したネットワークなら書かない方が良さそう)

/etc/ufw/before.rules

# NAT
*nat
-F
:POSTROUTING ACCEPT [0:0]
# 内側から外側
-A POSTROUTING -s 192.168.128.0/24 -o ens34 -j MASQUERADE
# 外側から内側
#-A PREROUTING -i eth0 -d xxx.xxx.xxx.xxx -p tcp --dport 50001 -j  DNAT --to-destination 192.168.50.100:22
COMMIT

$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:f2:07:e4 brd ff:ff:ff:ff:ff:ff
    altname enp2s2
    inet 192.168.100.120/24 metric 100 brd 192.168.100.255 scope global dynamic ens34
       valid_lft 8454sec preferred_lft 8454sec
    inet6 fe80::20c:29ff:fef2:7e4/64 scope link
       valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:f2:07:ee brd ff:ff:ff:ff:ff:ff
    altname enp2s5
    inet 192.168.128.1/24 brd 192.168.128.255 scope global ens37
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fef2:7ee/64 scope link
       valid_lft forever preferred_lft forever

VM側

/etc/netplan/00-installer-config.yaml

network:
  ethernets:
    ens34:
      addresses:
      - 192.168.128.5/24
      routes:
      - to: 0.0.0.0/0
        via: 192.168.128.1
      nameservers:
        addresses: [8.8.8.8, 8.8.4.4]
        search: []
  version: 2

$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:3b:e4:00 brd ff:ff:ff:ff:ff:ff
    altname enp2s2
    inet 192.168.128.5/24 brd 192.168.128.255 scope global ens34
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe3b:e400/64 scope link
       valid_lft forever preferred_lft forever