Exclude local networks from ipv4 NAT?

Hi there,

I'm using Incus on 2 physical server hosts. Each of them has a bridged network with ipv4-nat for the Incus networks on both servers (e.g. and

When ipv4.nat is set to true, all outgoing traffic is NAT-ed. Because the two hosts are connected via a WireGuard VPN which can route the internal nets, the traffic between the two local nets and should rather be routed unchanged (meaning not NAT-ed).

How can I achieve this? Do I have to use more than one NIC or is there a simple solution to exclude private networks like or from NAT?

Thanks a lot for the advice!

Best is to set ipv4.nat=false on the network and put your own NAT rules in iptables/nftables to NAT only your WAN traffic.
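
One way to implement the advice above with nftables, as an added example that is not part of the original thread. The bridge name `incusbr0`, the subnets, the WAN interface `eth0` and the table name `incus_custom_nat` are assumptions; substitute your own values and swap the local and peer subnets on the second host.

```shell
#!/bin/sh
# Constructed placeholder values (assumptions, not taken from the thread).
NETWORK="incusbr0"          # Incus bridge on this host
LOCAL_NET="10.10.1.0/24"    # subnet of this host's bridge
NO_NAT_NETS="10.10.2.0/24"  # peer subnet(s) routed over WireGuard, space separated
WAN_IF="eth0"               # WAN-facing interface

# Shape check only (a.b.c.d/prefix), so unexpected text never reaches the ruleset.
is_cidr() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# Print a ruleset that masquerades bridge traffic leaving via the WAN interface
# and leaves traffic to the listed private networks untranslated.
# Usage: render_nat_rules LOCAL_NET WAN_IF EXCLUDED_NET...
render_nat_rules() {
    local_net=$1; wan_if=$2; shift 2
    is_cidr "$local_net" || { echo "bad CIDR: $local_net" >&2; return 1; }
    set_elems=""
    for net in "$@"; do
        is_cidr "$net" || { echo "bad CIDR: $net" >&2; return 1; }
        set_elems="${set_elems:+$set_elems, }$net"
    done
    [ -n "$set_elems" ] || { echo "no excluded networks given" >&2; return 1; }
    # "table ...; delete table ..." makes re-applying the file idempotent.
    cat <<EOF
table ip incus_custom_nat
delete table ip incus_custom_nat
table ip incus_custom_nat {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        ip saddr $local_net ip daddr { $set_elems } accept
        ip saddr $local_net oifname "$wan_if" masquerade
    }
}
EOF
}

# "apply" turns off the Incus-managed NAT and loads the custom rules (needs root).
if [ "${1:-}" = "apply" ]; then
    incus network set "$NETWORK" ipv4.nat=false
    render_nat_rules "$LOCAL_NET" "$WAN_IF" $NO_NAT_NETS | nft -f -
fi
```

Run without arguments the script changes nothing; call `render_nat_rules` to inspect the ruleset first, and check the result with `nft list table ip incus_custom_nat` after applying.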

