diff --git a/config/net/upstream.nix b/config/net/upstream.nix
index de9fd39..ae4ba94 100644
--- a/config/net/upstream.nix
+++ b/config/net/upstream.nix
@@ -85,6 +85,12 @@ in
           reflect = true;
           sourcePort = 30000;
         }
+        {
+          destination = config.site.net.core.hosts4.yggdrasil;
+          proto = "tcp";
+          reflect = true;
+          sourcePort = 1;
+        }
       ];
       interfaces = {
         core = {
@@ -369,6 +375,12 @@ in
           reflect = true;
           sourcePort = 45000;
         }
+        {
+          destination = config.site.net.core.hosts4.yggdrasil;
+          proto = "tcp";
+          reflect = true;
+          sourcePort = 1;
+        }
       ];
       interfaces = {
         core = {
diff --git a/nix/nixos-module/container/yggdrasil.nix b/nix/nixos-module/container/yggdrasil.nix
index 80c83c6..576de97 100644
--- a/nix/nixos-module/container/yggdrasil.nix
+++ b/nix/nixos-module/container/yggdrasil.nix
@@ -44,6 +44,10 @@ in lib.mkIf cfg.enable {
           # poland
           "tls://[2001:41d0:601:1100::cf2]:11129"
         ];
+      Listen = [
+        "tcp://0.0.0.0:1"
+        "tcp://[::]:1"
+      ];
       NodeInfo = {
         # This information is visible to the network.
         name = "y.c3d2.de";