diff --git a/infra/root/setup.sh b/infra/root/setup.sh
index 7de6c6e..a43a0b6 100755
--- a/infra/root/setup.sh
+++ b/infra/root/setup.sh
@@ -14,13 +14,6 @@ VPN_INTERFACE=wg-cloud
 OUTBOUND_INTERFACE=wgcf
-# forward --> web server
-WEB_LISTEN_INTERFACE=br-web
-WEB_SERVER_IPV4=10.254.0.2
-WEB_SERVER_IPV6=fd99:23eb:1682:fe::2
-
-WEB_SERVER_PORTS=80,443,10000:11000,51820
-
 ####################################################################
 # wireguard setup
 # wireguard -> X forwarding
@@ -70,44 +63,6 @@ ip -6 ru add iif $VPN_INTERFACE lookup 100 priority 100
-
-####################################################################
-# Port forwarding
-####################################################################
-
-echo_info "Set up port forwarding to web server..."
-
-setup_port_forward() {
- interface_name_v4=$1
- interface_name_v6=$2
- ports=$3
- dst_ipv4=$4
- dst_ipv6=$5
-
- interface_ipv4=`ip -4 addr show $interface_name_v4 | grep -oP '(?<=inet\s)\d+(\.\d+){3}' -m 1`
- interface_ipv6=`ip -6 addr show $interface_name_v6 | grep -oP '(?<=inet6\s)[\da-f:]+' -m 1`
-
- # ipv4 forwarding
- iptables-nft -t nat -A PREROUTING -p tcp -d $interface_ipv4 -m multiport --dports $ports -j DNAT --to-destination $dst_ipv4
- iptables-nft -A FORWARD -p tcp -d $dst_ipv4 -m multiport --dports $ports -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
- iptables-nft -t nat -A POSTROUTING -p tcp -d $dst_ipv4 -m multiport --dports $ports -j MASQUERADE
-
- iptables-nft -t nat -A PREROUTING -p udp -d $interface_ipv4 -m multiport --dports $ports -j DNAT --to-destination $dst_ipv4
- iptables-nft -A FORWARD -p udp -d $dst_ipv4 -m multiport --dports $ports -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
- iptables-nft -t nat -A POSTROUTING -p udp -d $dst_ipv4 -m multiport --dports $ports -j MASQUERADE
-
- # ipv6 forwarding
- ip6tables-nft -t nat -A PREROUTING -p tcp -d $interface_ipv6 -m multiport --dports $ports -j DNAT --to-destination $dst_ipv6
- ip6tables-nft -A FORWARD -p tcp -d $dst_ipv6 -m multiport --dports $ports -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
- ip6tables-nft -t nat -A POSTROUTING -p tcp -d $dst_ipv6 -m multiport --dports $ports -j MASQUERADE
-
- ip6tables-nft -t nat -A PREROUTING -p udp -d $interface_ipv6 -m multiport --dports $ports -j DNAT --to-destination $dst_ipv6
- ip6tables-nft -A FORWARD -p udp -d $dst_ipv6 -m multiport --dports $ports -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
- ip6tables-nft -t nat -A POSTROUTING -p udp -d $dst_ipv6 -m multiport --dports $ports -j MASQUERADE
-}
-
-setup_port_forward $WEB_LISTEN_INTERFACE $WEB_LISTEN_INTERFACE $WEB_SERVER_PORTS $WEB_SERVER_IPV4 $WEB_SERVER_IPV6
-
 ####################################################################
 # iptables de-duplicate
 ####################################################################