diff --git a/bundles/wireguard/metadata.py b/bundles/wireguard/metadata.py
index 885f91d..7374d83 100644
--- a/bundles/wireguard/metadata.py
+++ b/bundles/wireguard/metadata.py
@@ -218,3 +218,29 @@ def interface_ips(metadata):
 return {
 'interfaces': interfaces,
 }
+
+
+@metadata_reactor.provides(
+ 'nftables/rules/nat_postrouting',
+)
+def snat(metadata):
+ if not node.has_bundle('nftables'):
+ raise DoNotRunAgain
+
+ rules = set()
+
+ for config in metadata.get('wireguard/peers', {}).values():
+ if 'snat_to' in config:
+ rules.add('ip saddr {} ip daddr != {} snat to {}'.format(
+ config['my_ip'],
+ config['their_ip'],
+ config['snat_to'],
+ ))
+
+ return {
+ 'nftables': {
+ 'rules': {
+ 'nat_postrouting': rules,
+ },
+ },
+ }
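Review bot: In `snat`, the peer values `my_ip`, `their_ip` and `snat_to` are interpolated into the nftables rule string in `rules.add(...)` without any validation, so a typo or an unexpected value in the peer metadata only surfaces when `nft` loads the ruleset, and a value containing spaces could silently alter the rule. Parsing each field with `ipaddress.ip_address()` (or `ipaddress.ip_network()` if `their_ip` is allowed to be a prefix) before formatting makes a malformed address fail at metadata time with a clear error, e.g. `src = ipaddress.ip_address(config['my_ip'])`; this needs an `import ipaddress` at the top of the file, which is outside the hunk. Note also that `config['my_ip']` and `config['their_ip']` raise `KeyError` when a peer sets `snat_to` but omits either key, while `metadata.get('wireguard/peers', {})` is defensive — if that fail-fast is intended, a one-line comment saying so would help the next reader. A docstring such as `"""Emit one SNAT postrouting rule per wireguard peer that declares snat_to."""` would also document the reactor's contract.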