diff --git a/machines/modules/host_builder.nix b/machines/modules/host_builder.nix index 98e7bb4a..772ce49f 100644 --- a/machines/modules/host_builder.nix +++ b/machines/modules/host_builder.nix @@ -135,8 +135,8 @@ rec { }]); #if networking is disabled forward port 80 to still have access to webservices - forwardPorts = pkgs.lib.mkIf (!options.withNetworking) (pkgs.lib.mkForce [ - { from = "host"; host.port = 8080; guest.port = 80; } + forwardPorts = pkgs.lib.mkIf (!options.withNetworking && options.fwdPort != 0) (pkgs.lib.mkForce [ + { from = "host"; host.port = options.fwdPort; guest.port = 80; } ]); }; @@ -212,12 +212,13 @@ rec { builtins.listToAttrs (map mapperFunc self.nixosConfigurations.${host}.config.services.malobeo.microvm.deployHosts); }; - buildVM = host: networking: sopsDummy: disableDisko: varPath: writableStore: (self.nixosConfigurations.${host}.extendModules { + buildVM = host: networking: sopsDummy: disableDisko: varPath: writableStore: fwdPort: (self.nixosConfigurations.${host}.extendModules { modules = [ (vmMicroVMOverwrites host { withNetworking = networking; varPath = "${varPath}"; - writableStore = writableStore; }) + writableStore = writableStore; + fwdPort = fwdPort; }) (if sopsDummy then (vmSopsOverwrites host) else {}) (if disableDisko then vmDiskoOverwrites else {}) ] ++ pkgs.lib.optionals (hosts.malobeo.hosts.${host}.type != "microvm") [ diff --git a/scripts/run-vm.sh b/scripts/run-vm.sh index c9eee2a4..3968cdd8 100644 --- a/scripts/run-vm.sh +++ b/scripts/run-vm.sh @@ -6,6 +6,7 @@ usage() { echo "--no-disko disable disko and initrd secrets. needed for real hosts like fanny" echo "--writable-store enables writable store. necessary for host with nested imperative microvms like fanny" echo "--var path to directory that should be shared as /var. may require root otherwise some systemd units fail within vm. if dir is empty vm will populate" + echo "--fwd-port forwards the given port to port 80 on vm" exit 1 } 
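Review bot: In the first hunk `options.fwdPort` is read with no fallback, so any caller of `vmMicroVMOverwrites` that sets `withNetworking = false` without passing `fwdPort` will presumably fail evaluation with a missing-attribute error. The only caller visible here is `buildVM`; others may exist outside the diff. Writing the guard as `(options.fwdPort or 0) != 0` keeps such callers working. The forward entry sets no `host.address`, so confirm which address the listener binds to and, if the option is available, pin it to loopback with `host.address = "127.0.0.1";` when the guest's web services are meant only for the local developer. The comment above `forwardPorts` should also say that forwarding now happens only when a port is given.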
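Review bot: `buildVM` in the second hunk now takes seven curried positional arguments, several of them booleans that are easy to transpose. A call site that still passes six gets back a function rather than a system, which only fails later at `.config`. The `vmBuilder` wrapper that scripts/run-vm.sh calls is outside this diff, so check that it and any other caller were updated. Consider documenting the order with a comment such as `# buildVM host networking sopsDummy disableDisko varPath writableStore fwdPort`, or moving the flags into a single attribute set.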
@@ -22,6 +23,7 @@ DUMMY_SECRETS=false NO_DISKO=false RW_STORE=false VAR_PATH="" +FWD_PORT=0 # check argws shift @@ -40,6 +42,15 @@ while [[ "$#" -gt 0 ]]; do usage fi ;; + --fwd-port) + if [[ -n "$2" && ! "$2" =~ ^- ]]; then + FWD_PORT="$2" + shift + else + echo "Error: --var requires a non-empty string argument." + usage + fi + ;; *) echo "Unknown argument: $1"; usage ;; esac shift @@ -53,4 +64,4 @@ if [ -n "$VAR_PATH" ]; then echo "sharing var directory: $VAR_PATH" fi -nix run --show-trace --impure --expr "((builtins.getFlake \"$(pwd)\").vmBuilder.x86_64-linux \"$HOSTNAME\" $NETWORK $DUMMY_SECRETS $NO_DISKO \"$VAR_PATH\" $RW_STORE).config.microvm.declaredRunner" +nix run --show-trace --impure --expr "((builtins.getFlake \"$(pwd)\").vmBuilder.x86_64-linux \"$HOSTNAME\" $NETWORK $DUMMY_SECRETS $NO_DISKO \"$VAR_PATH\" $RW_STORE $FWD_PORT).config.microvm.declaredRunner"