# Hand-written IPv4 NAT for containers: forwards inbound SSH to the gitea
# container and masquerades container traffic leaving through enp35s0.
{ config, lib, pkgs, ... }:

let
  # DNAT target: the gitea container's address, port 22.
  giteaSshTarget = "${config.containers.gitea.localAddress}:22";
in
{
  # Loaded at boot. NOTE(review): no rule in this file assigns a conntrack
  # helper, so confirm the FTP NAT helper is still needed; an unused helper
  # module is avoidable kernel attack surface.
  boot.kernelModules = [ "nf_nat_ftp" ];

  # Turns on IPv4 forwarding for every current and future interface.
  # NOTE(review): this file defines only a nat table, no forward/filter chain.
  # Unless forwarding is filtered elsewhere, the host will route between all
  # of its interfaces, including toward the container networks. Verify.
  boot.kernel.sysctl = {
    "net.ipv4.conf.all.forwarding" = true;
    "net.ipv4.conf.default.forwarding" = true;
  };

  networking = {
    # The NixOS NAT module is off; the NAT rules below replace it.
    nat.enable = false;

    nftables = {
      enable = true;

      # prerouting: every TCP packet to port 22 arriving on enp35s0 is
      #   rewritten to the gitea container. The rule does not match on the
      #   destination address, so the host's own port 22 is not reachable
      #   through that interface (presumably host sshd listens elsewhere;
      #   verify). The table is family `ip`, so IPv6 traffic is not redirected.
      # postrouting: traffic entering from lxcbr0 or any interface whose name
      #   starts with "ve-" and leaving via enp35s0 is masqueraded.
      extraConfig = ''
        table ip nat {
          chain prerouting {
            type nat hook prerouting priority -100
            iifname enp35s0 tcp dport { 22 } dnat ${giteaSshTarget}
          }
          chain postrouting {
            type nat hook postrouting priority 100
            iifname lxcbr0 oifname enp35s0 masquerade
            iifname ve-* oifname enp35s0 masquerade
          }
        }
      '';
    };
  };
}