doc: fix missing iptables rule for network-for-clones.md

There lacks one iptables configuration about setup egress connectivity.
As shown in [1], it should add a MASQUERADE rules inside the netns.
After that, the host iptable rules of source ip 10.0.0.0/30 should work.
Without that, the host can only see packet of ip 192.168.241.1/29 from
guest VM.

[1]: https://github.com/firecracker-microvm/firecracker/blame/7dfe2765849c2444a22defa11be8641508c5ce5c/tests/framework/microvm_helpers.py#L194

Signed-off-by: huang-jl <[email protected]>

Author: huang-jl

docs/snapshotting/network-for-clones.md

@@ -113,6 +113,7 @@ have the same internal IP).
 # Find the host egress device
 UPSTREAM=$(ip -j route list default |jq -r '.[0].dev')
 # anything coming from the VMs, we NAT the address
+ip netns exec fc0 iptables -t nat -A POSTROUTING -s 192.168.241.1/29 -o veth0 -j MASQUERADE
 iptables -t nat -A POSTROUTING -s 10.0.0.0/30 -o $UPSTREAM -j MASQUERADE
 # forward packets by default
 iptables -P FORWARD ACCEPT