From 6cbe03f6560b4b8d459fa0925e29ec8b030f9097 Mon Sep 17 00:00:00 2001
From: Kroese
Date: Fri, 29 Dec 2023 17:20:18 +0100
Subject: [PATCH] fix: Port forwarding (#520)
---
src/network.sh | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/src/network.sh b/src/network.sh
index 6f2b133..9848753 100644
--- a/src/network.sh
+++ b/src/network.sh
@@ -4,6 +4,7 @@ set -Eeuo pipefail
 # Docker environment variables
 : ${DHCP:='N'}
+: ${HOST_PORTS:=''}
 : ${MAC:='02:11:32:AA:BB:CC'}
 : ${VM_NET_DEV:=''}
@@ -144,8 +145,18 @@ configureNAT() {
 update-alternatives --set iptables /usr/sbin/iptables-legacy > /dev/null
 update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy > /dev/null
+ if [[ -z "$HOST_PORTS" ]] && [[ "${DISPLAY,,}" == "vnc" ]]; then
+ HOST_PORTS="5900"
+ fi
+
+ local PORT_ARGS=""
+ for PORT in $HOST_PORTS; do
+ PORT_ARGS="$PORT_ARGS ! --dport $PORT"
+ done
+
 iptables -t nat -A POSTROUTING -o "$VM_NET_DEV" -j MASQUERADE
- iptables -t nat -A PREROUTING -i "$VM_NET_DEV" -d "$IP" -p tcp -j DNAT --to "$VM_NET_IP"
+ # shellcheck disable=SC2086
+ iptables -t nat -A PREROUTING -i "$VM_NET_DEV" -d "$IP" -p tcp $PORT_ARGS -j DNAT --to "$VM_NET_IP"
 iptables -t nat -A PREROUTING -i "$VM_NET_DEV" -d "$IP" -p udp -j DNAT --to "$VM_NET_IP"
 if (( KERNEL > 4 )); then
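Review bot: In configureNAT, the loop appends one `! --dport $PORT` per entry to a single rule, but as far as I know iptables' tcp match accepts `--dport` only once per rule, so a `HOST_PORTS` with two or more ports will likely make the PREROUTING command fail and, under `set -Eeuo pipefail`, abort network setup. The entries are also spliced into the iptables command line unvalidated with SC2086 disabled, so any non-numeric token in the environment variable becomes an extra iptables argument, and `PORT` is not declared `local`. I would validate each entry as a port number, join the entries with commas and exclude them with `-m multiport ! --dports`, which also removes the need for the unquoted expansion. The UDP DNAT rule on the following line gets no exclusion, so only TCP host ports stay on the container. configureNAT starts and ends outside the hunk, and the error path below should use whatever helper the script already has.

```shell
  local PORT PORT_LIST=""
  for PORT in $HOST_PORTS; do
    # Accept plain decimal port numbers only; anything else would end up
    # as an extra iptables argument.
    if [[ ! "$PORT" =~ ^[0-9]{1,5}$ ]] || (( 10#$PORT < 1 || 10#$PORT > 65535 )); then
      echo "Invalid port in HOST_PORTS: $PORT" >&2
      return 1
    fi
    PORT_LIST="${PORT_LIST:+$PORT_LIST,}$PORT"
  done

  # … unchanged: POSTROUTING MASQUERADE rule …
  if [[ -n "$PORT_LIST" ]]; then
    # multiport takes a comma-separated list (at most 15 ports per rule)
    iptables -t nat -A PREROUTING -i "$VM_NET_DEV" -d "$IP" -p tcp -m multiport ! --dports "$PORT_LIST" -j DNAT --to "$VM_NET_IP"
  else
    iptables -t nat -A PREROUTING -i "$VM_NET_DEV" -d "$IP" -p tcp -j DNAT --to "$VM_NET_IP"
  fi
```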