# NixOS networking module: relays two service ports from the WAN NIC to a
# peer on the tailnet, using nftables as the firewall/NAT backend.
{ config, lib, ... }:
{
  networking =
    let
      # Ports accepted on the WAN side and relayed to the backend.
      forwardedPorts = [ 25565 25566 ];
      # Every port above is relayed for each of these L4 protocols.
      forwardedProtocols = [ "tcp" "udp" ];
      # Backend address; lies in the 100.64.0.0/10 (CGNAT) range tailscale uses.
      backendAddr = "100.64.0.2";
      tailnetInterface = "tailscale0";
      wanInterface = "eno1";

      # Builds one networking.nat.forwardPorts entry for a (protocol, port) pair.
      mkForward = protocol: port: {
        destination = "${backendAddr}:${toString port}";
        proto = protocol;
        sourcePort = port;
      };

      # Cartesian product, protocol-major order (tcp entries first, then udp).
      forwardRules =
        lib.concatMap (protocol: map (mkForward protocol) forwardedPorts) forwardedProtocols;
    in
    {
      firewall = {
        enable = true;
        # These open the ports on every interface, not only the WAN one;
        # networking.firewall.interfaces.<name> would scope them to eno1.
        allowedUDPPorts = forwardedPorts;
        allowedTCPPorts = forwardedPorts;
      };

      nat = {
        enable = true;
        internalInterfaces = [ tailnetInterface ];
        externalInterface = wanInterface;
        forwardPorts = forwardRules;
      };

      nftables = {
        enable = true;
        # Wipes the whole kernel ruleset on each reload; presumably this also
        # removes tables installed by other daemons (e.g. tailscaled) — TODO confirm
        # on the deployed host before relying on their rules surviving a rebuild.
        flushRuleset = true;
        tables.nixos-nat = {
          family = "ip";
          # `content` is a lines-typed option, so this block is merged with whatever
          # else defines a nixos-nat table (the NixOS nat module is expected to — verify
          # with `nft list ruleset`). The rule has no match, so it rewrites the source
          # of all postrouting traffic, including packets relayed to the backend over
          # the tailnet; review that this broad SNAT is intended.
          content = ''
            chain post {
              masquerade
            }
          '';
        };
      };
    };
}