diff --git a/nix/nixos-module/container/upstream.nix b/nix/nixos-module/container/upstream.nix
index e8eba5b..2edf7b4 100644
--- a/nix/nixos-module/container/upstream.nix
+++ b/nix/nixos-module/container/upstream.nix
@@ -94,7 +94,8 @@ in
       # Do not NAT our public IPv4 addresses
       ${lib.concatMapStringsSep "\n" (net:
         lib.concatMapStrings (subnet: ''
-          iptables -t nat -I ${net}_nat \
+          iptables -t nat -I nixos-nat-post \
+            -o ${net} \
             -s ${subnet} \
             -j RETURN
         '') upstreamInterfaces.${net}.upstream.noNat.subnets4 or []