diff --git a/parsons/configuration.nix b/parsons/configuration.nix
index aea3587..6cd72ed 100644
--- a/parsons/configuration.nix
+++ b/parsons/configuration.nix
@@ -6,8 +6,8 @@
     ./hardware.nix
     modules.encboot
     modules.network.nftables
-    modules.nftnat
     modules.nopersist
+    ./nftables.nix
     ./nextcloud.nix
     ./mattermost.nix
     ./murmur.nix
@@ -40,9 +40,6 @@
   networking.hostId = "b2867696";
   networking.useDHCP = true;
   networking.nftables.enable = true;
-  hexchen.nftables.nat.enable = true;
-  networking.nat.internalInterfaces = ["ve-+"];
-  networking.nat.externalInterface = "enp35s0";
   networking.hostName = "parsons";
diff --git a/parsons/forgejo.nix b/parsons/forgejo.nix
index 5787f79..001bd63 100644
--- a/parsons/forgejo.nix
+++ b/parsons/forgejo.nix
@@ -96,9 +96,4 @@
         proxyPass = "http://${config.containers.gitea.localAddress}:3000";
       };
     };
-  hexchen.nftables.nat.forwardPorts = [{
-    ports = [ 22 ];
-    destination = "${config.containers.gitea.localAddress}:22";
-    proto = "tcp";
-  }];
 }
diff --git a/parsons/nftables.nix b/parsons/nftables.nix
new file mode 100644
index 0000000..c2cd19d
--- /dev/null
+++ b/parsons/nftables.nix
@@ -0,0 +1,31 @@
+{ config, lib, pkgs, ... }:
+
+{
+  networking.nat.enable = false;
+  boot = {
+    kernelModules = [ "nf_nat_ftp" ];
+    kernel.sysctl = {
+      "net.ipv4.conf.all.forwarding" = true;
+      "net.ipv4.conf.default.forwarding" = true;
+    };
+  };
+
+  networking.nftables = {
+    enable = true;
+
+    extraConfig = ''
+table ip nat {
+  chain prerouting {
+    type nat hook prerouting priority -100
+    iifname enp35s0 tcp dport { 22 } dnat ${config.containers.gitea.localAddress}:22
+  }
+  chain postrouting {
+    type nat hook postrouting priority 100
+    iifname lxcbr0 oifname enp35s0 masquerade
+    iifname ve-* oifname enp35s0 masquerade
+
+  }
+}
+    '';
+  };
+}
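Review bot: The second masquerade rule in the postrouting chain, `iifname ve-* oifname enp35s0 masquerade`, appears to use an unquoted wildcard; nft only accepts `*` inside a quoted string, so the line should read `iifname "ve-*" oifname enp35s0 masquerade`. Because the ruleset is loaded atomically, a parse error on that line would likely also drop the port-22 DNAT and the `lxcbr0` masquerade above it, leaving the gitea container unreachable over SSH and the containers without outbound NAT, so it is worth checking the generated ruleset with `nft -c -f` before deploying. The `ve-+` pattern removed from configuration.nix was iptables syntax, which is consistent with this being a translation slip. A one-line comment above the prerouting rule, e.g. `# all inbound TCP/22 on enp35s0 is diverted to the gitea container before the host sees it`, would record that any host-side sshd cannot rely on port 22 on that interface.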