Index: trunk/packages/invirt-web/files/etc/invirt-iptables/rules.d/50-invirt-web.mako
===================================================================
--- trunk/packages/invirt-web/files/etc/invirt-iptables/rules.d/50-invirt-web.mako	(revision 2873)
+++ trunk/packages/invirt-web/files/etc/invirt-iptables/rules.d/50-invirt-web.mako	(revision 2874)
@@ -2,6 +2,6 @@
 
 from invirt.config import structs as cfg
-h_port = cfg.vnc.base_port
-port = cfg.vnc.base_port
+host_port = cfg.vnc.base_port
+server_port = host_port
 
 %>\
@@ -11,7 +11,7 @@
 :OUTPUT ACCEPT [8:674]
 % for h in cfg.hosts:
--A PREROUTING -s ! ${h.ip} -i eth0 -p tcp -m tcp --dport ${port} -j DNAT --to-destination ${h.ip}:${h_port}
--A POSTROUTING -d ${h.ip} -o eth0 -p tcp -m tcp --dport ${h_port} -j SNAT --to-source ${cfg.vnc.proxy_ip}
-<% port += 1 %>
+-A PREROUTING -s ! ${h.ip} -i eth0 -p tcp -m tcp --dport ${server_port} -j DNAT --to-destination ${h.ip}:${host_port}
+-A POSTROUTING -d ${h.ip} -o eth0 -p tcp -m tcp --dport ${host_port} -j SNAT --to-source ${cfg.vnc.proxy_ip}
+<% server_port += 1 %>\
 % endfor
 COMMIT
@@ -22,5 +22,5 @@
 :OUTPUT ACCEPT [292:53151]
 % for h in cfg.hosts:
--A FORWARD -d ${h.ip} -i eth0 -o eth0 -p tcp -m tcp --dport ${h_port} -j ACCEPT 
+-A FORWARD -d ${h.ip} -i eth0 -o eth0 -p tcp -m tcp --dport ${host_port} -j ACCEPT 
 % endfor
 COMMIT