diff --git a/hosts/fw.cloonar.com/modules/firewall.nix b/hosts/fw.cloonar.com/modules/firewall.nix
index 3ec9f39..b1bef77 100644
--- a/hosts/fw.cloonar.com/modules/firewall.nix
+++ b/hosts/fw.cloonar.com/modules/firewall.nix
@@ -70,7 +70,7 @@
 # Allow networks to access the dns and dhcp
 iifname {
 "lan",
- "vb-gitea",
+ "ve-gitea",
 "podman0",
 "infrastructure",
 "wg_cloonar",
@@ -80,7 +80,7 @@
 iifname {
 "lan",
 "podman0",
- "vb-gitea",
+ "ve-gitea",
 "infrastructure",
 "wg_cloonar",
 "smart",
@@ -111,14 +111,14 @@
 # lan and vpn to any
 # TODO: disable wan when finished
- iifname { "wan", "lan", "vb-gitea", "podman0", "wg_cloonar" } oifname { "lan", "vb-gitea", "podman0", "infrastructure", "multimedia", "smart", "wrwks", "wg_cloonar", "wg_epicenter", "wg_ghetto_at" } counter accept
- iifname { "infrastructure" } oifname { "podman0", "vb-omada" } counter accept
+ iifname { "wan", "lan", "ve-gitea", "podman0", "wg_cloonar" } oifname { "lan", "ve-gitea", "podman0", "infrastructure", "multimedia", "smart", "wrwks", "wg_cloonar", "wg_epicenter", "wg_ghetto_at" } counter accept
+ iifname { "infrastructure" } oifname { "podman0", "ve-omada" } counter accept
 # Allow trusted network WAN access
 iifname {
 "lan",
 "infrastructure",
- "vb-gitea",
+ "ve-gitea",
 "podman0",
 "multimedia",
 "smart",
@@ -134,11 +134,10 @@
 type nat hook prerouting priority filter; policy accept;
 }
- # Setup NAT masquerading on the ppp0 interface
+ # Setup NAT masquerading on external interfaces
 chain postrouting {
 type nat hook postrouting priority filter; policy accept;
 oifname { "wan", "wrwks", "wg_epicenter", "wg_ghetto_at" } masquerade
- # oifname { "wan" } masquerade
 }
 }
 '';
diff --git a/hosts/fw.cloonar.com/modules/gitea.nix b/hosts/fw.cloonar.com/modules/gitea.nix
index 6d4b43c..5535529 100644
--- a/hosts/fw.cloonar.com/modules/gitea.nix
+++ b/hosts/fw.cloonar.com/modules/gitea.nix
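Review bot: The `ve-gitea` name that firewall.nix now matches (hunks at -70, -80 and -111) looks inconsistent with the container definition, because the gitea.nix hunk on this page keeps `hostBridge = "server";` and systemd-nspawn gives the host side of a bridged link the `vb-` prefix, using `ve-` only for a plain veth pair. If the container stays bridged, these `iifname`/`oifname` sets would presumably stop matching and gitea traffic would fall through to the chain policy, which is not visible here. The same question applies to `ve-omada` if that container is bridged. Confirm the real interface name on the host, or drop hostBridge in the same commit, before relying on these rules. The chains these sets belong to start outside the hunks.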
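Review bot: The rewritten accept rule in the firewall.nix hunk at -111 still lists `"wan"` in its `iifname` set, so packets arriving on the WAN interface are accepted towards lan, infrastructure, the container links and the WireGuard tunnels; the TODO directly above it says this was meant to be temporary. Since the line is being rewritten anyway, drop it here, `iifname { "lan", "ve-gitea", "podman0", "wg_cloonar" } oifname { … } counter accept`, and rely on the established/related rule (presumably defined outside the hunk) for return traffic. If it has to stay for now, make the TODO actionable with the condition for removal, for example `# TODO(<owner>): remove "wan" once <condition>`. The enclosing chain begins outside the hunk.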
@@ -103,7 +103,8 @@ in
 # macvlans = [ "vserver" ];
 privateNetwork = true;
 hostBridge = "server";
- localAddress = "10.42.97.2/24";
+ hostAddress = "10.42.97.1"
+ localAddress = "10.42.97.2";
 bindMounts = {
 "/var/lib/gitea" = {
 hostPath = "/var/lib/gitea/";
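Review bot: The added `hostAddress = "10.42.97.1"` line has no terminating semicolon, so the attribute set will not parse and the whole host configuration will fail to evaluate; it should read `hostAddress = "10.42.97.1";`. The unchanged context still sets `hostBridge = "server";`, and as far as I know the NixOS container module only assigns hostAddress to the host-side link when no bridge is configured, so the new option is likely ignored as written. Dropping `/24` from localAddress presumably turns the container address into a single host address, which suits a point-to-point veth but not a bridged segment. It is worth deciding between the two setups in this commit so the firewall never ends up with rules that match no interface. The container definition starts and ends outside the hunk.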