diff --git a/roles/base/templates/iptables/iptables b/roles/base/templates/iptables/iptables
index de08397146..b368221310 100644
--- a/roles/base/templates/iptables/iptables
+++ b/roles/base/templates/iptables/iptables
@@ -113,9 +113,10 @@ COMMIT
 
 {% if nat_rules %}
 *nat
-:INPUT ACCEPT [0:0]
-:FORWARD ACCEPT [0:0]
+:PREROUTING ACCEPT [0:]
+:INPUT ACCEPT [0:]
 :OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
 
 {% for rule in nat_rules %}
 {{ rule }}