diff --git a/debian10-LXC.md b/debian10-LXC.md
index 7eda027..c0ac97b 100644
--- a/debian10-LXC.md
+++ b/debian10-LXC.md
@@ -49,3 +49,24 @@ sysctl -p
 lxc.net.0.ipv4.address = 10.0.3.<IP>/24
 lxc.net.0.ipv4.gateway = 10.0.3.1
 ```
+
+
+# UFW forwarding
+
+also dont forget to add the extenal port as allow rule
+add to /etc/ufw/before.rules
+
+to begin of file before *filter
+```
+*nat
+:PREROUTING ACCEPT [0:0]
+-A PREROUTING -i enp0s3 -p tcp --dport <extenal port> -j DNAT --to <ctip>:<internalport>
+COMMIT
+```
+
+to end of file before last COMMIT
+```
+#LXC forwards
+-A FORWARD -o lxcbr0 -j ACCEPT
+-A FORWARD -i lxcbr0 -j ACCEPT
+```