fix: Port forwarding (#520)

src/network.sh

@@ -4,6 +4,7 @@ set -Eeuo pipefail
 # Docker environment variables
 
 : ${DHCP:='N'}
+: ${HOST_PORTS:=''}
 : ${MAC:='02:11:32:AA:BB:CC'}
 
 : ${VM_NET_DEV:=''}
@@ -144,8 +145,18 @@ configureNAT() {
   update-alternatives --set iptables /usr/sbin/iptables-legacy > /dev/null
   update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy > /dev/null
 
+  if  [[ -z "$HOST_PORTS" ]] && [[ "${DISPLAY,,}" == "vnc" ]]; then
+    HOST_PORTS="5900"
+  fi
+
+  local PORT_ARGS=""
+  for PORT in $HOST_PORTS; do
+    PORT_ARGS="$PORT_ARGS ! --dport $PORT"
+  done
+
   iptables -t nat -A POSTROUTING -o "$VM_NET_DEV" -j MASQUERADE
-  iptables -t nat -A PREROUTING -i "$VM_NET_DEV" -d "$IP" -p tcp  -j DNAT --to "$VM_NET_IP"
+  # shellcheck disable=SC2086
+  iptables -t nat -A PREROUTING -i "$VM_NET_DEV" -d "$IP" -p tcp $PORT_ARGS -j DNAT --to "$VM_NET_IP"
   iptables -t nat -A PREROUTING -i "$VM_NET_DEV" -d "$IP" -p udp  -j DNAT --to "$VM_NET_IP"
 
   if (( KERNEL > 4 )); then