diff --git a/nodes/home/router.py b/nodes/home/router.py
index 2a8c143..ba9bd6c 100644
--- a/nodes/home/router.py
+++ b/nodes/home/router.py
@@ -38,10 +38,15 @@ nodes['home.router'] = {
 },
 'iptables': {
 'custom_rules': [
+ # This is a router. Allow forwarding traffic for all internal networks.
 'iptables_both -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT',
 'iptables_both -A FORWARD -i enp1s0.23 -o enp1s0.42 -j REJECT',
 'iptables_both -A FORWARD -i enp1s0.23 -j ACCEPT',
 'iptables_both -A FORWARD -i enp1s0.42 -j ACCEPT',
+
+ # External port 2022 should be home.nas
+ 'iptables -t nat -A PREROUTING -p tcp --dport 2022 -j DNAT --to 172.19.138.20:22',
+ 'iptables -A FORWARD -p tcp -d 172.19.138.20 --dport 22 -j ACCEPT',
 ],
 },
 'nameservers': atomic({
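Review bot: Neither of the two added rules names an inbound interface, so the PREROUTING DNAT rewrites TCP/2022 arriving on every interface, and the new FORWARD accept admits port 22 to 172.19.138.20 from any interface that the earlier rules did not already decide. If the intent is to publish home.nas SSH only on the uplink, scope both rules, e.g. `'iptables -t nat -A PREROUTING -i <wan-if> -p tcp --dport 2022 -j DNAT --to 172.19.138.20:22',` and `'iptables -A FORWARD -i <wan-if> -p tcp -d 172.19.138.20 --dport 22 -j ACCEPT',` (`<wan-if>` is a placeholder; the uplink interface name is not visible in this hunk). Because this exposes an SSH daemon to external sources with no source restriction or rate limit in view, the comment should say so, for example `# Exposes home.nas sshd externally on tcp/2022; NAS must be key-only auth`. The new comment above the first rule says "Allow forwarding traffic for all internal networks", but the list it heads also contains the `enp1s0.23 -> enp1s0.42` REJECT, so the comment would be more accurate if it mentioned that exception. The `custom_rules` list and the surrounding node dict continue outside the hunk.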