diff --git a/hosts/desktopnix/net.nix b/hosts/desktopnix/net.nix
index 5a98a8f..e5e677f 100644
--- a/hosts/desktopnix/net.nix
+++ b/hosts/desktopnix/net.nix
@@ -1,8 +1,4 @@
-{
-  config,
-  #lib,
-  ...
-}: {
+{config, ...}: {
   networking = {
     inherit (config.secrets.secrets.local.networking) hostId;
   };
@@ -15,35 +11,13 @@
         MulticastDNS = true;
       };
     };
-    #"01-wlan1" = {
-    #  address = ["192.168.1.2/24"];
-    #  matchConfig.MACAddress = config.secrets.secrets.local.networking.interfaces.wlan01.mac;
-    #  networkConfig = {
-    #    IPv6PrivacyExtensions = "yes";
-    #    MulticastDNS = true;
-    #  };
-    #};
+    "01-wlan1" = {
+      DHCP = "yes";
+      matchConfig.MACAddress = config.secrets.secrets.local.networking.interfaces.wlan01.mac;
+      networkConfig = {
+        IPv6PrivacyExtensions = "yes";
+        MulticastDNS = true;
+      };
+    };
   };
-  #networking.nat = {
-  #  enable = true;
-  #  externalInterface = "lan01";
-  #  internalInterfaces  = ["wlan01"];
-  #};
-  #networking.firewall.enable = lib.mkForce false;
-  #hardware.wirelessRegulatoryDatabase = true;
-  #services.hostapd = {
-  #  enable = true;
-  #  radios.wlan01 = {
-  #    band = "2g";
-  #    countryCode = "DE";
-  #    channel = 8;
-  #    networks.wlan01 = {
-  #      ssid = "patricks ist der tolleeste";
-  #      authentication = {
-  #        saePasswordsFile = lib.writeText "supidupipasswort";
-  #        enableRecommendedPairwiseCiphers = true;
-  #      };
-  #    };
-  #  };
-  #};
 }
diff --git a/hosts/patricknix/net.nix b/hosts/patricknix/net.nix
index a80670b..baebc51 100644
--- a/hosts/patricknix/net.nix
+++ b/hosts/patricknix/net.nix
@@ -60,7 +60,9 @@
       dhcpV6Config.RouteMetric = 10;
     };
     "01-wlan1" = {
-      DHCP = "yes";
+      DHCP = "no";
+      address = ["192.168.1.6/24"];
+      gateway = ["192.168.1.2"];
       matchConfig.MACAddress = config.secrets.secrets.local.networking.wlan1.mac;
       networkConfig = {
         IPv6PrivacyExtensions = "yes";
diff --git a/modules/services/immich.nix b/modules/services/immich.nix
index aeddfb3..e310e36 100644
--- a/modules/services/immich.nix
+++ b/modules/services/immich.nix
@@ -92,7 +92,10 @@ in {
   networking.firewall = {
     allowedTCPPorts = [2283];
     filterForward = true;
-    extraForwardRules = "ip saddr ${lib.net.cidr.host config.secrets.secrets.global.net.ips."elisabeth" config.secrets.secrets.global.net.privateSubnet} tcp dport 3001 accept";
+    extraForwardRules = ''
+      ip saddr ${lib.net.cidr.host config.secrets.secrets.global.net.ips."elisabeth" config.secrets.secrets.global.net.privateSubnet} tcp dport 3001 accept
+      iifname "podman1" oifname lan accept
+    '';
   };
   systemd.tmpfiles.settings = {
     "10-immich" = {