feat：添加端口占用查询说明

Author: spiritLHLS

docs/en/guide/oneclickvirt/oneclickvirt_qa.md

@@ -99,4 +99,58 @@ Commonly encountered in source code deployment, Dockerfile, and Docker Compose d
 
 Frequently observed in frontend compilation errors on ARM architectures
 
-Directly deploy using pre-compiled Docker container images or binary files (most reliable approach)
+Directly deploy using pre-compiled Docker container images or binary files (most reliable approach)
+
+
+## Some commands cannot detect NAT mapping rules for Incus and LXD.
+
+This is normal behavior.
+
+Incus/LXD port mapping defaults to **kernel-level NAT (DNAT + FORWARD)** and **does not create port listening processes on the host machine**.
+Therefore, traditional port occupancy tools typically **will not show any results**.
+
+For example, the following commands will **not detect host port usage**:
+
+```shell
+ss -lntup
+lsof -i
+netstat -lntp
+```
+
+Only by running:
+
+```shell
+incus config device show instance1
+```
+
+or:
+
+```shell
+lxd config device show instance1
+```
+
+to view configured port mapping rules, as traffic bypasses the host and forwards directly externally.
+
+The correct method to check port mappings is to examine nftables rules
+
+```shell
+nft list ruleset
+```
+
+or view only the NAT table:
+
+```shell
+nft list table ip nat
+```
+
+On systems using `iptables`, use:
+
+```shell
+iptables -t nat -L
+```
+
+If traffic is flowing in or out, inspect actual connection states with:
+
+```shell
+conntrack -L | grep <port>
+```

docs/guide/oneclickvirt/oneclickvirt_qa.md

@@ -94,10 +94,63 @@ internal error, please report: running “lxd.lxc” failed: cannot create trans
 
 最终还是需要在限制实例数量的时候，慎重考虑节点的性能，较弱或者限制较多的节点，建议不要开设过多实例
 
-## 自编译出现问题
+## 自编译出现依赖缺失或者兼容性问题
 
 常见于 源码部署、Dockerfile、DockerCompose 方式部署
 
 常见于 ARM 架构下前端编译出错
 
-直接使用 预编译的Docker容器镜像 或 直接使用二进制文件部署(最稳妥)
+直接使用 预编译的Docker容器镜像 或 直接使用二进制文件部署(最稳妥)
+
+## incus 和 lxd 进行 NAT 映射一些命令查不到映射规则
+
+这是正常现象。
+
+Incus / LXD 的端口映射默认使用 **内核态 NAT（DNAT + FORWARD）** 实现，并 **不会在宿主机上创建端口监听进程**。
+因此，使用传统的端口占用查询工具通常**无法看到任何结果**。
+
+例如，以下命令都 **查不到宿主机端口占用**：
+
+```shell
+ss -lntup
+lsof -i
+netstat -lntp
+```
+
+只有通过：
+
+```shell
+incus config device show 实例1
+```
+
+或：
+
+```shell
+lxd config device show 实例1
+```
+
+才能看到已配置的端口映射规则，因为流量不过宿主机直接对外转发。
+
+正确的端口映射查找方式是查看 nftables 规则
+
+```shell
+nft list ruleset
+```
+
+或仅查看 NAT 表：
+
+```shell
+nft list table ip nat
+```
+
+在使用 `iptables` 的系统中可使用：
+
+```shell
+iptables -t nat -L
+```
+
+如果有流量进出，查看真实连接状态可使用：
+
+```shell
+conntrack -L | grep <端口>
+```