diff --git a/roles/network-ffrl/templates/ffrl.j2 b/roles/network-ffrl/templates/ffrl.j2
index f8323c3..ba8d4e7 100644
--- a/roles/network-ffrl/templates/ffrl.j2
+++ b/roles/network-ffrl/templates/ffrl.j2
@@ -10,6 +10,8 @@ iface {{ item.key }} inet tunnel
     ttl 64
     mtu 1400
     tunnel-physdev {{ ansible_default_ipv4.interface }}
+    ip-forward on
+    ip6-forward on
 
     address {{ item.value.tunnel_ipv4_network | ipaddr('net') | ipaddr('1') | ipaddr('ip/prefix') }}
     address {{ item.value.tunnel_ipv6_network | ipaddr('net') | ipaddr('2') | ipaddr('ip/prefix') }}
diff --git a/roles/network-meshbridge/templates/bridge.j2 b/roles/network-meshbridge/templates/bridge.j2
index 2fd6f30..3ac23eb 100644
--- a/roles/network-meshbridge/templates/bridge.j2
+++ b/roles/network-meshbridge/templates/bridge.j2
@@ -17,3 +17,7 @@ iface {{ item.id }}br
 {% endfor %}
 {% endif %}
     bridge-ports {{ item.id }}bat
+{% if server_type == 'gateway' %}
+    ip-forward on
+    ip6-forward on
+{% endif %}
diff --git a/roles/wireguard/templates/wireguard.j2 b/roles/wireguard/templates/wireguard.j2
index b978d66..c92e48e 100644
--- a/roles/wireguard/templates/wireguard.j2
+++ b/roles/wireguard/templates/wireguard.j2
@@ -5,6 +5,10 @@
 auto wg-{{ network.remote[:11] }}
 iface wg-{{ network.remote[:11] }}
    mtu 1420
+{% if server_type == 'gateway' %}
+   ip-forward on
+   ip6-forward on
+{% endif %}
    ipv6-addrgen off
 {% if magic < network.remote_magic %}
    address {{ network.ipv4 | ipaddr('ip/prefix') }}