diff --git a/Vagrantfile b/Vagrantfile
index 719a997..c469406 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -69,8 +69,8 @@ Vagrant.configure(2) do |config|
 virtualbox__intnet: 'tunnel'
 node.vm.network :public_network,
 ip: address,
- netmask: CONFIG['network']['internal']['netmask'],
- bridge: CONFIG['network']['internal']['bridge']
+ netmask: CONFIG['network']['external']['netmask'],
+ bridge: CONFIG['network']['external']['bridge']
 end
 end
@@ -80,7 +80,7 @@ Vagrant.configure(2) do |config|
 ip: '10.0.0.30',
 virtualbox__intnet: 'tunnel'
 node.vm.network :public_network,
- bridge: CONFIG['network']['internal']['bridge'],
+ bridge: CONFIG['network']['external']['bridge'],
 auto_config: false
 end
@@ -88,8 +88,8 @@ Vagrant.configure(2) do |config|
 node.vm.hostname = 'storage'
 node.vm.network :public_network,
 ip: CONFIG['address']['storage'],
- netmask: CONFIG['network']['internal']['netmask'],
- bridge: CONFIG['network']['internal']['bridge']
+ netmask: CONFIG['network']['external']['netmask'],
+ bridge: CONFIG['network']['external']['bridge']
 add_block_device(node, 1, CONFIG['resources']['storage'])
 add_block_device(node, 2, CONFIG['resources']['storage'])
 add_block_device(node, 3, CONFIG['resources']['storage'])
@@ -99,8 +99,8 @@ Vagrant.configure(2) do |config|
 node.vm.hostname = 'controller'
 node.vm.network :public_network,
 ip: CONFIG['address']['controller'],
- netmask: CONFIG['network']['internal']['netmask'],
- bridge: CONFIG['network']['internal']['bridge']
+ netmask: CONFIG['network']['external']['netmask'],
+ bridge: CONFIG['network']['external']['bridge']
 node.vm.provider 'virtualbox' do |vb|
 memory = CONFIG['resources']['memory'] * 2
 vcpus = CONFIG['resources']['vcpus'] * 2
diff --git a/ansible/controller.yaml b/ansible/controller.yaml
index ef18b6b..14a83a1 100644
--- a/ansible/controller.yaml
+++ b/ansible/controller.yaml
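Review bot: `CONFIG['network']['external']` is a section this commit introduces, and all four Vagrantfile hunks index into it directly, so a config.yaml still written for the old layout makes the lookup return nil and loading fails with a NoMethodError on `nil['netmask']` instead of a message naming the missing section (assuming CONFIG is a plain Hash loaded from config.yaml, which is not visible here). Reading it once near the top, e.g. `external = CONFIG.fetch('network').fetch('external')`, and using `external['netmask']` / `external['bridge']` in the four `public_network` calls would raise a KeyError that names `external` and would remove the repeated lookups. The enclosing `Vagrant.configure` block starts and ends outside these hunks.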
@@ -17,7 +17,9 @@
 when: not development
 - template: src=files/openrc.j2 dest=/home/vagrant/openrc owner=vagrant group=vagrant mode=0644
 - lineinfile: dest=/home/vagrant/.bashrc line='source $HOME/openrc'
-- copy: src=files/scripts/ dest=/home/vagrant/scripts/ owner=vagrant group=vagrant mode=0755
+- copy: src=files/scripts/nova_fake.sh dest=/home/vagrant/scripts/nova_fake.sh owner=vagrant group=vagrant mode=0755
+- copy: src=files/scripts/rally.sh dest=/home/vagrant/scripts/rally.sh owner=vagrant group=vagrant mode=0755
+- template: src=files/scripts/setup.sh.j2 dest=/home/vagrant/scripts/setup.sh owner=vagrant group=vagrant mode=0755
 - template: src=files/packstack.answers.j2 dest=/home/vagrant/packstack.answers owner=vagrant group=vagrant
 - copy: src=files/gitconfig dest=/home/vagrant/.gitconfig owner=vagrant group=vagrant mode=0644
 - file: src=/home/vagrant/.ssh/id_packstack dest=/home/vagrant/.ssh/id_rsa owner=vagrant group=vagrant state=link
diff --git a/ansible/network.yaml b/ansible/network.yaml
index 7c3f96e..fd0381a 100644
--- a/ansible/network.yaml
+++ b/ansible/network.yaml
@@ -1,6 +1,11 @@
 ---
+- sysctl: name=net.ipv4.ip_forward value=1 state=present
 - yum: name=openvswitch state=present
 - service: name=openvswitch state=started enabled=yes
 - template: src=files/ifcfg-br-ex.j2 dest=/etc/sysconfig/network-scripts/ifcfg-br-ex
 - copy: src=files/ifcfg-enp0s9 dest=/etc/sysconfig/network-scripts/ifcfg-enp0s9
 - service: name=network state=restarted
+- command: /sbin/iptables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE
+- command: /sbin/iptables -A FORWARD -i br-ex -o enp0s3 -m state --state RELATED,ESTABLISHED -j ACCEPT
+- command: /sbin/iptables -A FORWARD -i br-ex -o enp0s3 -j ACCEPT
+- shell: /usr/sbin/iptables-save > /etc/sysconfig/iptables
diff --git a/config.yaml.sample b/config.yaml.sample
index 1f920c7..70dd3d6 100644
--- a/config.yaml.sample
+++ b/config.yaml.sample
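Review bot: The three per-file tasks in ansible/controller.yaml write into /home/vagrant/scripts/, but nothing in this hunk creates that directory. The removed `copy` of `files/scripts/` to a trailing-slash dest created it as a side effect, whereas `copy` and `template` with a file dest expect the parent directory to exist. Unless a task outside the hunk already does so, add `- file: path=/home/vagrant/scripts state=directory owner=vagrant group=vagrant mode=0755` ahead of the first of them. Each script added under files/scripts/ now also needs its own task, which deserves a short comment above these lines.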
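Review bot: Both FORWARD rules added at the end of ansible/network.yaml match the same direction (`-i br-ex -o enp0s3`), so the `RELATED,ESTABLISHED` rule is redundant next to the unconditional ACCEPT that follows it and reply traffic from enp0s3 back to br-ex is covered by neither; the stateful rule was presumably meant as `-i enp0s3 -o br-ex -m state --state RELATED,ESTABLISHED -j ACCEPT`. The `command:` tasks use `-A`, so every provisioning run appends another copy of each rule and `iptables-save` then persists the duplicates; guarding each with an `iptables -C` check, or templating /etc/sysconfig/iptables, would keep the play idempotent. With `net.ipv4.ip_forward` set to 1 and a MASQUERADE rule that has no source match, anything that can reach br-ex is forwarded and NATed out of enp0s3. Adding `-s {{ network.external.network }}` to the NAT and FORWARD rules would limit that to the configured external range, assuming the variable is in scope for this play.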
@@ -8,13 +8,17 @@ network:
 type: gre
 agent: openvswitch
 tunnel_interface: enp0s8
+ dns1: 208.67.222.222
+ dns2: 208.67.220.220
 internal:
+ network: 192.168.200.0/24
+ external:
+ start: 10.100.50.100
+ end: 10.100.50.200
+ network: 10.100.50.0/16
 bridge: tap0
 netmask: 255.255.0.0
- gateway: 10.100.0.1
 broadcast: 10.100.255.255
- dns1: 208.67.222.222
- dns2: 208.67.220.220
 secret: password
 proxy: http://proxy.dummy.site:3128
 storage_backend: nfs
diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index 01bd206..ca60783 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -33,19 +33,23 @@ storage controller of the used base box must support at least three ports.
 Networking
 ----------
-Internal network
-~~~~~~~~~~~~~~~~
+Networks
+~~~~~~~~
 ::
 network:
+ dns1: 208.67.222.222
+ dns2: 208.67.220.220
 internal:
+ network: 192.168.200.0/24
+ external:
+ start: 10.100.50.100
+ end: 10.100.50.200
+ network: 10.100.50.0/16
 bridge: tap0
 netmask: 255.255.0.0
 broadcast: 10.100.255.255
- gateway: 10.100.0.1
- dns1: 208.67.222.222
- dns2: 208.67.220.220
 Addresses
 ~~~~~~~~~
diff --git a/files/ifcfg-br-ex.j2 b/files/ifcfg-br-ex.j2
index ab51b4d..abfd399 100644
--- a/files/ifcfg-br-ex.j2
+++ b/files/ifcfg-br-ex.j2
@@ -4,8 +4,7 @@ DEVICETYPE=ovs
 TYPE=OVSBridge
 BOOTPROTO=static
 IPADDR={{ address.network }}
-NETMASK={{ network.internal.netmask }}
-BROADCAST={{ network.internal.broadcast }}
-GATEWAY={{ network.internal.gateway }}
-DNS1={{ network.internal.dns1 }}
-DNS2={{ network.internal.dns2 }}
+NETMASK={{ network.external.netmask }}
+BROADCAST={{ network.external.broadcast }}
+DNS1={{ network.dns1 }}
+DNS2={{ network.dns2 }}
diff --git a/files/scripts/nova_fake.sh b/files/scripts/nova_fake.sh
old mode 100755
new mode 100644
diff --git a/files/scripts/rally.sh b/files/scripts/rally.sh
old mode 100755
new mode 100644
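Review bot: `network: 10.100.50.0/16` under `external` in config.yaml.sample has host bits set: with `netmask: 255.255.0.0` and `broadcast: 10.100.255.255` in the same section the network address is 10.100.0.0, so the sample would be consistent as `network: 10.100.0.0/16`. The value is handed unchanged to the `neutron subnet-create` call in files/scripts/setup.sh.j2, and whether neutron normalises or rejects a non-canonical CIDR is not visible here. The section now states the same prefix in three forms (CIDR, netmask, broadcast) that must be kept in step by hand; a comment such as `# network, netmask and broadcast must describe the same prefix` would help whoever edits the sample.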
diff --git a/files/scripts/setup.sh b/files/scripts/setup.sh.j2
old mode 100755
new mode 100644
similarity index 82%
rename from files/scripts/setup.sh
rename to files/scripts/setup.sh.j2
index d6dfd19..b66046f
--- a/files/scripts/setup.sh
+++ b/files/scripts/setup.sh.j2
@@ -21,10 +21,10 @@ fi
 openstack role add admin --project services --user admin
 OS_TENANT_NAME=services neutron net-create floating001 --router:external --provider:physical_network external --provider:network_type flat
-OS_TENANT_NAME=services neutron subnet-create --name floating001 --allocation-pool start=10.100.50.100,end=10.100.50.200 --disable-dhcp --gateway 10.100.0.1 --dns-nameserver 208.67.222.222 --dns-nameserver 208.67.220.220 floating001 10.100.50.0/16
+OS_TENANT_NAME=services neutron subnet-create --name floating001 --allocation-pool start={{ network.external.start }},end={{ network.external.end }} --disable-dhcp --gateway {{ address.network }} --dns-nameserver {{ network.dns1 }} --dns-nameserver {{ network.dns2 }} floating001 {{ network.external.network }}
 neutron net-create internal001
-neutron subnet-create --name internal001 internal001 192.168.200.0/24
+neutron subnet-create --name internal001 --dns-nameserver {{ network.dns1 }} --dns-nameserver {{ network.dns2 }} internal001 {{ network.internal.network }}
 neutron router-create internal001
 neutron router-interface-add internal001 internal001
 neutron router-gateway-set internal001 floating001
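Review bot: The values substituted into the two `neutron subnet-create` lines are rendered into the shell script unquoted, so a stray space or shell metacharacter in config.yaml changes the command that runs instead of failing as a bad argument. Ansible's `quote` filter covers this, e.g. `--gateway {{ address.network | quote }}` and `{{ network.external.network | quote }}`, applied to each substituted value on both lines. The rest of the script lies outside the hunk, so whether it stops on a failed command (for instance via `set -e`) is not visible here.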