diff --git a/lass/2configs/gg23.nix b/lass/2configs/gg23.nix
index b703d71ef..884d9a99d 100644
--- a/lass/2configs/gg23.nix
+++ b/lass/2configs/gg23.nix
@@ -25,14 +25,15 @@ with import <stockholm/lib>;
     #   Managed = true;
     # };
   };
+  boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
   systemd.network.networks."50-int0" = {
     name = "int0";
     address = [
       "10.42.0.1/24"
     ];
     networkConfig = {
-      IPForward = "yes";
-      IPMasquerade = "both";
+      # IPForward = "yes";
+      # IPMasquerade = "both";
       ConfigureWithoutCarrier = true;
       DHCPServer = "yes";
       # IPv6SendRA = "yes";
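Review bot: `boot.kernel.sysctl."net.ipv4.ip_forward" = 1;` turns on IPv4 forwarding for the whole host and nothing in this hunk limits what may be forwarded, so clients on `int0` (10.42.0.0/24, handed out by the DHCP server configured here) can be routed to every network this machine reaches unless a FORWARD policy elsewhere in the file restricts it. If the filter table is not already restrictive, I would add FORWARD rules next to the nat rules, e.g. `{ v6 = false; predicate = "-i int0 -s 10.42.0.0/24 -o <UPLINK_IF>"; target = "ACCEPT"; }` plus a return rule for established connections, with the chain policy set to drop. The MASQUERADE rule added in the second hunk has the same breadth: it matches on source address only, so adding `-o <UPLINK_IF>` to its predicate would keep the rewrite to the intended egress interface. The two commented-out `IPForward`/`IPMasquerade` lines should either be deleted or carry a short reason such as `# forwarding and NAT are now set via sysctl and krebs.iptables`. The `50-int0` attribute set continues past the end of the hunk.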
@@ -51,6 +52,9 @@ with import <stockholm/lib>;
   krebs.iptables.tables.nat.PREROUTING.rules = mkBefore [
     { v6 = false; predicate = "-s 10.42.0.0/24"; target = "ACCEPT"; }
   ];
+  krebs.iptables.tables.nat.POSTROUTING.rules = [
+    { v6 = false; predicate = "-s 10.42.0.0/24"; target = "MASQUERADE"; }
+  ];
 
   networking.domain = "gg23";