diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix
index bf09956ee..8951e9d03 100644
--- a/systems/LoutreOS/services.nix
+++ b/systems/LoutreOS/services.nix
@@ -502,16 +502,19 @@ in
         ips = [ "192.168.20.1/24" ];
         privateKeyFile = "/mnt/secrets/wireguard/wg0.privatekey";
         listenPort = 51820;
-        allowedIPsAsRoutes = false;
+        allowedIPsAsRoutes = true;
         peers = [
           {
-            allowedIPs = [ "0.0.0.0/0" ];
+            allowedIPs = [ "192.168.20.2/32" ];
             publicKey = "b/SXiqo+GPdNOc54lyEVeUBc6B5AbVMKh+g5EZPGzlE=";
           }
         ];
       };
     };
 
+    nat.internalInterfaces = [ "wg0" ];
+    nat.internalIPs = [ "192.168.20.0/24" ];
+
     firewall.allowedTCPPorts = [
       51413 # Transmission
       8448 # Matrix federation