diff --git a/g20/rootfs/etc/ufw/before.rules b/g20/rootfs/etc/ufw/before.rules
new file mode 100644
index 0000000..5167de0
--- /dev/null
+++ b/g20/rootfs/etc/ufw/before.rules
@@ -0,0 +1,12 @@
+*nat
+-A POSTROUTING -s 192.168.16.0/24 -o eth0 -j MASQUERADE
+
+# to g18 gitea
+-A PREROUTING -d 219.243.215.203 -p tcp --dport 443 -j DNAT --to 192.168.16.118:443
+-A POSTROUTING -d 192.168.16.118 -p tcp --dport 443 -j SNAT --to 192.168.16.2
+-A PREROUTING -d 219.243.215.203 -p tcp --dport 80 -j DNAT --to 192.168.16.118:80
+-A POSTROUTING -d 192.168.16.118 -p tcp --dport 80 -j SNAT --to 192.168.16.2
+-A PREROUTING -d 219.243.215.203 -p tcp --dport 22 -j DNAT --to 192.168.16.118:22
+-A POSTROUTING -d 192.168.16.118 -p tcp --dport 22 -j SNAT --to 192.168.16.2
+
+COMMIT