diff --git a/hosts/ward/guests/home-gateway.nix b/hosts/ward/guests/home-gateway.nix
index 33c08ef..64a4055 100644
--- a/hosts/ward/guests/home-gateway.nix
+++ b/hosts/ward/guests/home-gateway.nix
@@ -1,4 +1,16 @@
 {nodes, ...}: {
+  # Forwarding required to masquerade netbird network
+  boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
+
+  wireguard.proxy-home.client.via = "ward";
+
+  networking.nftables.chains.forward.from-netbird = {
+    after = ["conntrack"];
+    rules = [
+      "iifname wt-home oifname lan accept"
+    ];
+  };
+
   environment.persistence."/persist".directories = [
     {
       directory = "/var/lib/netbird-home";
diff --git a/secrets/rekeyed/ward-home-gateway/0bbb5e764aa2a9af4721234a1adf16f7-wireguard-proxy-home-priv-ward-home-gateway.age b/secrets/rekeyed/ward-home-gateway/0bbb5e764aa2a9af4721234a1adf16f7-wireguard-proxy-home-priv-ward-home-gateway.age
new file mode 100644
index 0000000..f2dbd05
Binary files /dev/null and b/secrets/rekeyed/ward-home-gateway/0bbb5e764aa2a9af4721234a1adf16f7-wireguard-proxy-home-priv-ward-home-gateway.age differ
diff --git a/secrets/rekeyed/ward-home-gateway/96748183d0df26ae381fcd8421f2b469-wireguard-proxy-home-psks-ward+ward-home-gateway.age b/secrets/rekeyed/ward-home-gateway/96748183d0df26ae381fcd8421f2b469-wireguard-proxy-home-psks-ward+ward-home-gateway.age
new file mode 100644
index 0000000..b7ad0df
--- /dev/null
+++ b/secrets/rekeyed/ward-home-gateway/96748183d0df26ae381fcd8421f2b469-wireguard-proxy-home-psks-ward+ward-home-gateway.age
@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 AIXmkg xeAsqWHEzqlkMvqjbuekoQrBabUf7aK+QWBxCMxqY1Y
+0dszOkaRd+watPW4giVRXpNCWOIm8T30GcImtFbFJas
+-> 2%P&7}-grease `] C(
+PlEZo3O8st37INvtLBTjvJF8Jl/ndZRInJ1hUh88JSXkOLKAXmtWhp78r/mpTiEo
+O4q77LYAhgBOd1zOgWZOnFBJT5hQYw
+--- 3KK/9MMXQ6g6frPQY8ve4wml54w2OPWV+u4lcV/fX6Q
+fÕ€:¨©N“ú1”mèó2Éégšhe¼Ÿ!mÞÂ=›g4¿ÓÛŒ­r‡€ÜìEôæ{~W‚êÏHNy›Ÿ:‹¥±Ïè%	ÌÐ4
\ No newline at end of file
diff --git a/secrets/rekeyed/ward/617cef8ee8a28751d28c3b00615800ad-wireguard-proxy-home-psks-ward+ward-home-gateway.age b/secrets/rekeyed/ward/617cef8ee8a28751d28c3b00615800ad-wireguard-proxy-home-psks-ward+ward-home-gateway.age
new file mode 100644
index 0000000..638f42b
--- /dev/null
+++ b/secrets/rekeyed/ward/617cef8ee8a28751d28c3b00615800ad-wireguard-proxy-home-psks-ward+ward-home-gateway.age
@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 iNceIg M4hNwi/NQHxeydimbsI8KrlNtmumU/aN0bzvpmp0wyU
+SQeneo2PhTC6fy3A9+sQKez27Dxb37I2kk0/DAgRcPM
+-> *\-grease l gea\6 qs
+7TOXXrduIGA4H8TnUmuAZHqsJc2Sj7k5JdGnPnY5jJfpKQy5aiswjxohfTmO7S9U
+1S1bRBFW9o2+K18MdNDVa0Kw2Cq8OV2CNbAU5te6mZzdElB5qS41dF7TO1XCMQ
+--- TLg+d5ZwsGgON4s6VTpbUao1Tl8jUSFvgBeLYpoA8LE
+™;2,Ef.¯M}ã_tyýÙ”=»ãLRª+TÁþ¡ 2p!‘Ê!&N>-ƒ^	ûÖëšh‡þ]Ð˜Mõ»‚6³¯•=ƒÐ>n
\ No newline at end of file
diff --git a/secrets/wireguard/proxy-home/keys/ward-home-gateway.age b/secrets/wireguard/proxy-home/keys/ward-home-gateway.age
new file mode 100644
index 0000000..2c99617
--- /dev/null
+++ b/secrets/wireguard/proxy-home/keys/ward-home-gateway.age
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> X25519 WexH5aRimfmbE3unOZqNvIbdvKLwfAugdqXn7EmcehM
+x31GBIz3X+bI/p4SFn/K7By92LpuV69Dd0W2bqSv7Mo
+-> piv-p256 xqSe8Q AtUNCE4in5312J7ShXqIr1TD8FFphSZzVkX6N6Xe4djn
++VDhykhms+vIQ0R0XE2XRS7ED8OqSqD+Yes+5SRIfAU
+-> "Z[ZYAFS-grease
+l2c3aSNxX/prewgGqI2gIroAEw
+--- HG39qeG1AtgCinXfsMeGPcCUTWhunMOQGn5v4G2K6Hk
+¹Mï/tfæþºÀ¦‰‘$ä|áQ•<iôùàM;fù:Ê?j þ'‹PÆ-£|äÂ5g<½¡ØÞÌ–\gÈ$6(´8pº,¤š­
\ No newline at end of file
diff --git a/secrets/wireguard/proxy-home/keys/ward-home-gateway.pub b/secrets/wireguard/proxy-home/keys/ward-home-gateway.pub
new file mode 100644
index 0000000..8f02d63
--- /dev/null
+++ b/secrets/wireguard/proxy-home/keys/ward-home-gateway.pub
@@ -0,0 +1 @@
+NEu6ihUC40TJFSkS1OQSLvXhTXMFi+gB+SiJpS7QaQw=
diff --git a/secrets/wireguard/proxy-home/psks/ward+ward-home-gateway.age b/secrets/wireguard/proxy-home/psks/ward+ward-home-gateway.age
new file mode 100644
index 0000000..16de752
--- /dev/null
+++ b/secrets/wireguard/proxy-home/psks/ward+ward-home-gateway.age
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> X25519 TbaMNP46KrNdZMYWxpQ1arljQS2jLZt7wLpyEI1gIU4
+UmT4Wb38nfIIrGj7yLRPAvzywP5lBzXc3LYUZap7TdU
+-> piv-p256 xqSe8Q A/WhyWMIB4H9OMwOKPtbKDve0unt3PaoVQxkE48e3GPo
+d1Qcuvwe25A5GJnSnZCtRjJ0TSlmtzkOtkbTuSTvo6c
+-> F6Xl$-grease Hxm{'y
+bexOmNF4WuCbwExgYTbP20qwY3SAZkZqo5bp
+--- EehmuZUKYa59RtmMto3ZNWNrAcJrHYvRrssDfkPTUxM
+ß‚Ó=šÝ5Î$üšò7òH¾\,”dÒ\`¾ƒF¤¨ó1Måîƒï4ÑUuâê™ËOë»~CN~åÖ{¿Á¼¶I5šh
\ No newline at end of file