From 7d83693a69a16c9b64d24721dbea1c926f1a39cd Mon Sep 17 00:00:00 2001
From: Kroese
Date: Sun, 8 Oct 2023 18:39:40 +0200
Subject: [PATCH] fix: dnat rule add dst restrictions

---
 run/network.sh | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/run/network.sh b/run/network.sh
index e0ffaae..6a45de8 100644
--- a/run/network.sh
+++ b/run/network.sh
@@ -147,9 +147,11 @@ configureNAT () {
 ip link set dev "${VM_NET_TAP}" master dockerbridge
 
 # Add internet connection to the VM
+ IP=$(ip address show dev "${VM_NET_DEV}" | grep inet | awk '/inet / { print $2 }' | cut -f1 -d/)
+
 iptables -t nat -A POSTROUTING -o "${VM_NET_DEV}" -j MASQUERADE
- iptables -t nat -A PREROUTING -i "${VM_NET_DEV}" -p tcp -j DNAT --to $VM_NET_IP
- iptables -t nat -A PREROUTING -i "${VM_NET_DEV}" -p udp -j DNAT --to $VM_NET_IP
+ iptables -t nat -A PREROUTING -i "${VM_NET_DEV}" -d "${IP}" -p tcp -j DNAT --to $VM_NET_IP
+ iptables -t nat -A PREROUTING -i "${VM_NET_DEV}" -d "${IP}" -p udp -j DNAT --to $VM_NET_IP
 
 if (( KERNEL > 4 )); then
 # Hack for guest VMs complaining about "bad udp checksums in 5 packets"
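Review bot: The new `IP=` assignment is not validated, so an interface with no IPv4 address yields `-d ""` and one with several addresses yields a newline inside the `-d` argument; in both cases iptables rejects the two PREROUTING rules and the guest is left with no inbound DNAT at all, which is a different failure from the over-broad forwarding the commit is fixing. Take only the first match and fail loudly when nothing is found, e.g. `IP=$(ip address show dev "${VM_NET_DEV}" | awk '/inet / { split($2, a, "/"); print a[1]; exit }')` followed by `[[ -n "${IP}" ]] || { echo "No IPv4 address found on ${VM_NET_DEV}" >&2; exit 1; }` (use the script's own error helper instead of the bare `exit` if it has one); this also drops the `grep inet` stage, which the awk `/inet /` filter already covers. The two added DNAT lines keep `--to $VM_NET_IP` unquoted as the replaced lines did, while quoting `"${IP}"` on the same line; quoting both would be consistent. configureNAT begins before this hunk and continues past it.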