diff --git a/hosts/xlab-gateway/dhcp.nix b/hosts/xlab-gateway/dhcp.nix
index 9061974..9a13d4c 100644
--- a/hosts/xlab-gateway/dhcp.nix
+++ b/hosts/xlab-gateway/dhcp.nix
@@ -104,9 +104,9 @@
 subnet6 = [
 {
 id = 1;
- subnet = "fd99:23eb:1682:fd:df00::/72";
+ subnet = "fd99:23eb:1682:1::/64";
 pools = [
- { pool = "fd99:23eb:1682:fd:df00::100 - fd99:23eb:1682:fd:df00::ffff"; }
+ { pool = "fd99:23eb:1682:1::100 - fd99:23eb:1682:1::ffff"; }
 ];
 option-data = [
 { name = "dns-servers"; data = "fd99:23eb:1682::1"; }
@@ -180,15 +180,18 @@
 config = ''
 interface bond.lan254 {
 AdvSendAdvert on;
- AdvManagedFlag on;
+ AdvManagedFlag off;
 AdvOtherConfigFlag on;
- MinRtrAdvInterval 3;
- MaxRtrAdvInterval 10;
- prefix fd99:23eb:1682:fd:df::/80 {
+ MinRtrAdvInterval 30;
+ MaxRtrAdvInterval 100;
+ prefix fd99:23eb:1682:1::/64 {
 AdvOnLink on;
- AdvAutonomous off;
+ AdvAutonomous on;
 AdvRouterAddr on;
 };
+ RDNSS fd99:23eb:1682::1 {
+ AdvRDNSSLifetime 3600;
+ };
 };
 '';
 };
diff --git a/hosts/xlab-gateway/networking.nix b/hosts/xlab-gateway/networking.nix
index 07cde8a..cbbf440 100644
--- a/hosts/xlab-gateway/networking.nix
+++ b/hosts/xlab-gateway/networking.nix
@@ -48,7 +48,6 @@ chain postrouting { type nat hook postrouting priority filter; policy accept; oifname "wan99.0" masquerade - oifname "wg-to-wgnet" meta nfproto ipv6 masquerade } }
@@ -190,7 +189,7 @@
 DHCP = "no";
 Address = [
 "10.253.254.1/24"
- "fd99:23eb:1682:fd:df::1/80"
+ "fd99:23eb:1682:1::1/64"
 ];
 IPv6AcceptRA = false;
 };
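Review bot: Switching the radvd block to SLAAC (`AdvManagedFlag off`, `AdvAutonomous on`) means the DHCPv6 lease table no longer records which host holds which address in fd99:23eb:1682:1::/64, while the stateful pool kept in the subnet6 hunk (`::100 - ::ffff`) will mostly sit unused. If leases were relied on for attribution or address-based filtering, which cannot be confirmed from the diff, that mapping now has to come from neighbor-table logging. A comment above the `prefix` block would record the intent, for example `# SLAAC for addressing; DHCPv6 kept for options only (O flag), leases no longer identify hosts`. The RDNSS address fd99:23eb:1682::1 lies outside the advertised /64, so clients reach it through the router rather than on-link; that looks intended but deserves a word in the same comment.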
@@ -205,17 +204,33 @@
 { Destination = "183.173.0.0/16"; Type = "throw"; Table = 1002; }
 ];
 routingPolicyRules = [
- # Use main table only for specific routes (not default)
+ # LAN IPv4 → suppress default route in main table, fall through to freedom-wgnet
 {
+ From = "10.253.254.0/24";
 SuppressPrefixLength = 0;
- Family = "both";
+ Family = "ipv4";
 Priority = 100;
 }
- # All traffic → WireGuard routing table
+ # LAN IPv6 → same
 {
+ From = "fd99:23eb:1682:1::/64";
+ SuppressPrefixLength = 0;
+ Family = "ipv6";
+ Priority = 100;
+ }
+ # LAN IPv4 → WireGuard routing table
+ {
+ From = "10.253.254.0/24";
 Table = 1002;
 Priority = 20000;
- Family = "both";
+ Family = "ipv4";
+ }
+ # LAN IPv6 → WireGuard routing table
+ {
+ From = "fd99:23eb:1682:1::/64";
+ Table = 1002;
+ Priority = 20000;
+ Family = "ipv6";
 }
 ];
 };
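Review bot: The added `From =` selectors limit both rule pairs to forwarded LAN traffic, so packets the gateway originates itself, which the old selector-less `Family = "both"` rules also sent to table 1002, now resolve against the main table only. If the resolver advertised to clients at fd99:23eb:1682::1 runs on this host (not visible here), its upstream queries would leave by the WAN default route while client traffic uses the tunnel. Separately, with the `wg-to-wgnet` masquerade rule removed from `chain postrouting`, IPv6 from fd99:23eb:1682:1::/64 enters the tunnel with its ULA source, so the peer needs a return route and the forward chain (outside this diff) should limit new connections arriving from the tunnel. Consider a comment such as `# gateway-originated traffic intentionally stays on the main table` above the rules, or a separate rule for the gateway's own sources if that is not intended.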