diff --git a/nixos/hosts/wheatley/configuration.nix b/nixos/hosts/wheatley/configuration.nix
index b054a2a..3c697b9 100644
--- a/nixos/hosts/wheatley/configuration.nix
+++ b/nixos/hosts/wheatley/configuration.nix
@@ -205,6 +205,11 @@
     };
   };
 
+  boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
+
+  networking.firewall.extraCommands = ''
+    iptables -t nat -A POSTROUTING -s 10.5.5.1/24 ! -d 10.5.5.1/24 -j MASQUERADE
+  '';
   networking.firewall = {
     enable = true;
     allowPing = false;