@atomtigerzoo
Last active May 10, 2024 08:54

Create private networks with libvirt

I assume that you have a running Debian wheezy host with libvirt and qemu/kvm installed. You need two guest VMs for this. The first guest will get the IP 192.168.100.2 and the second will get 192.168.100.100. All following commands must be run with sudo or as root.

internal Network

We create a new network named internal with libvirt and use it with the IP range of 192.168.100.2 - 192.168.100.254 to build our private network.

For the network and the two guest VMs we need MAC addresses. Create three random MACs with the following command (you must run it three times ;)):

MACADDR="52:54:00:$(dd if=/dev/urandom bs=512 count=1 2>/dev/null | md5sum | sed 's/^\(..\)\(..\)\(..\).*$/\1:\2:\3/')"; echo $MACADDR

Copy all three to a text editor for later use. Label the first one internal network and the other two guest 1 and guest 2 for reference.

Let's create the network. Open a new file:

nano /etc/libvirt/qemu/networks/internal.xml

Paste the following template:

<network>
  <name>internal</name>
  <forward mode='nat'/>
  <bridge name='virbr1' stp='on' delay='0'/>
  <mac address='YOUR_RANDOM_MAC_ADDRESS_FOR_THE_NETWORK'/>
  <ip address='192.168.100.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.100.2' end='192.168.100.254'/>
      <host mac='YOUR_RANDOM_MAC_ADDRESS_FOR_GUEST_1' ip='192.168.100.2'/>
      <host mac='YOUR_RANDOM_MAC_ADDRESS_FOR_GUEST_2' ip='192.168.100.100'/>
    </dhcp>
  </ip>
</network>

Now replace the uppercase strings with your created MAC addresses and save the file.

Hint: I have called the bridge virbr1 because in most cases you will already have another network (virbr0). If you have multiple networks or bridges, please select an unused name. Otherwise you will get an error while creating or starting the network.
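A DHCP range end typed in the wrong subnet, or a placeholder MAC left unreplaced, is easy to miss in this file. The following Python check is an added example, not part of the original gist; the function name check_network and the sample MAC addresses are constructed for illustration, and the sample XML deliberately contains both mistakes.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$", re.I)

# Constructed sample: the template with made-up MACs, a bad range end and one unreplaced placeholder.
SAMPLE = """<network>
  <name>internal</name>
  <forward mode='nat'/>
  <bridge name='virbr1' stp='on' delay='0'/>
  <mac address='52:54:00:aa:bb:01'/>
  <ip address='192.168.100.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.100.2' end='192.168.122.254'/>
      <host mac='52:54:00:aa:bb:02' ip='192.168.100.2'/>
      <host mac='YOUR_RANDOM_MAC_ADDRESS_FOR_GUEST_2' ip='192.168.100.100'/>
    </dhcp>
  </ip>
</network>"""

def check_network(xml_text):
    """Return a list of problems in a libvirt <network> definition."""
    problems = []
    net = ET.fromstring(xml_text)
    ip = net.find("ip")
    gateway = ipaddress.ip_address(ip.get("address"))
    subnet = ipaddress.ip_network(f"{gateway}/{ip.get('netmask')}", strict=False)
    # Every MAC (network and static leases) must be well-formed and unique.
    macs = [m.get("address", "") for m in net.findall("mac")]
    macs += [h.get("mac", "") for h in net.iter("host")]
    problems += [f"malformed or unreplaced MAC: {m}" for m in macs if not MAC_RE.match(m)]
    if len({m.lower() for m in macs}) != len(macs):
        problems.append("duplicate MAC address")
    # The DHCP pool must be ordered and lie inside the network's own subnet.
    for r in net.iter("range"):
        start, end = (ipaddress.ip_address(r.get(k)) for k in ("start", "end"))
        if start not in subnet or end not in subnet or start > end:
            problems.append(f"DHCP range {start}-{end} does not fit {subnet}")
    # Static leases must be inside the subnet, unique, and not the gateway.
    leases = [ipaddress.ip_address(h.get("ip")) for h in net.iter("host")]
    problems += [f"bad static lease: {a}" for a in leases if a not in subnet or a == gateway]
    if len(set(leases)) != len(leases):
        problems.append("duplicate static lease IP")
    return problems

if __name__ == "__main__":
    for p in check_network(SAMPLE):
        print("PROBLEM:", p)
```

To check your own file, pass its contents to check_network; an empty list means none of these checks failed.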

Now let us define/load the new network:

virsh net-define /etc/libvirt/qemu/networks/internal.xml

From now on, if you want to edit your new network you must use virsh net-edit, otherwise all changes will be overwritten (there is a warning if you open the file with a normal editor). If you want to take a look at the new network:

EDITOR=nano virsh net-edit internal

Let's start the network:

virsh net-start internal

You should now be able to ping the first IP of the created range:

ping 192.168.100.1

You should see an output like:

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.065 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.049 ms

Stop it with ctrl+c.

If you want to autostart the internal network at boot, run:

virsh net-autostart internal

Guest NICs

Let's move on and create NICs for each guest. We open the config of each VM and add a new interface.

Replace the uppercase strings with a) the name of your first VM to edit and b) the MAC address from above for guest 1 and run it:

virsh attach-interface --domain <NAME_OF_GUEST_1_VM> --type network --source internal --model virtio --mac <YOUR_RANDOM_MAC_ADDRESS_FOR_GUEST_1> --config

It should yield Interface attached successfully. Repeat the command, replacing the guest name and the MAC address with the ones for the second VM, guest 2.

You can check out the new NICs with:

virsh domiflist <NAME_OF_GUEST_1_VM>
virsh domiflist <NAME_OF_GUEST_2_VM>

It should show something like:

Interface  Type       Source     Model       MAC
-------------------------------------------------------
-          network    internal   virtio      YOUR_CREATED_MAC_ADDRESS

Perfect. Now, if the guests are running please shut them down - and I mean shut them down, don't restart them.
