diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index c7ac809..87747c7 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -8,8 +8,8 @@ wifi:
 channel: 6 # Wi-Fi channel (2.4 GHz band, e.g., 6 is common)
 network:
- lan_subnet: 192.168.7.0/24
- lan_gateway: 192.168.7.1/24
+ lan_subnet: 192.168.73.0/24
+ lan_gateway: 192.168.73.1/24
 lan_dns: 8.8.8.8
 lan_domain: hamhotspot.internal
diff --git a/ansible/roles/ax25/templates/ax.network.j2 b/ansible/roles/ax25/templates/ax.network.j2
index 31eb73c..1707fbe 100644
--- a/ansible/roles/ax25/templates/ax.network.j2
+++ b/ansible/roles/ax25/templates/ax.network.j2
@@ -2,4 +2,4 @@ Name={{ radio.ax_iface }}
 [Network]
-Address={{ radio.ip_address }}
\ No newline at end of file
+Address={{ radio.ip_address }}
diff --git a/ansible/roles/networking/tasks/main.yml b/ansible/roles/networking/tasks/main.yml
index 9070213..8684285 100644
--- a/ansible/roles/networking/tasks/main.yml
+++ b/ansible/roles/networking/tasks/main.yml
@@ -28,3 +28,11 @@ name: hostapd
 enabled: true
 state: started
+
+# Set up NAT
+- name: Install custom NAT masquerading rule
+ ansible.builtin.copy:
+ dest: /etc/nftables.d/10-ham-hotspot.nft
+ src: nftables/ham-hotspot.nft.j2
+ mode: "0644"
+ notify: Restart nftables
diff --git a/ansible/roles/networking/templates/ham-hotspot-nat.nft.j2 b/ansible/roles/networking/templates/ham-hotspot-nat.nft.j2
new file mode 100644
index 0000000..ba384dc
--- /dev/null
+++ b/ansible/roles/networking/templates/ham-hotspot-nat.nft.j2
@@ -0,0 +1,8 @@
+table ip nat {
+ chain postrouting {
+ type nat hook postrouting priority srcnat; policy accept;
+ {% for radio in radios %}
+ oif "{{ radio.ax_iface }}" masquerade
+ {% endfor %}
+ }
+}
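Review bot: The new task in networking/tasks/main.yml uses `ansible.builtin.copy`, which writes the source file verbatim, so the `{% for radio in radios %}` loop in the template this commit adds would reach /etc/nftables.d unrendered and nft would reject it; the task needs `ansible.builtin.template:`. The `src: nftables/ham-hotspot.nft.j2` also does not match the file the commit adds under templates/, so `src: ham-hotspot-nat.nft.j2` looks like what was intended. Adding `validate: nft -c -f %s` would keep a ruleset that fails to parse from replacing a working one. The `Restart nftables` handler and the include of /etc/nftables.d from the main nftables config are not visible in this diff and should be confirmed.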
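Review bot: The masquerade rule in ham-hotspot-nat.nft.j2 matches on the output interface only, so anything the host forwards out a radio interface is source-NATed, not just hotspot LAN clients; scoping it to the LAN would be tighter, e.g. `ip saddr {{ network.lan_subnet }} oifname "{{ radio.ax_iface }}" masquerade`. `oif` resolves the interface index when the ruleset is loaded, so the file fails to load if the AX.25 interface does not exist yet, whereas `oifname` matches by name at packet time. The loop reads `radios`, while ax.network.j2 in this same diff uses a single `radio` variable; the definition of `radios` is not visible here and should be confirmed. No forward-chain filtering appears in the diff, so whether LAN-to-radio forwarding is restricted elsewhere cannot be judged from these lines.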