diff --git a/iface/iface.go b/iface/iface.go
index fe86eb238a3..cb51e9ffdd3 100644
--- a/iface/iface.go
+++ b/iface/iface.go
@@ -1,14 +1,15 @@
 package iface
 
 import (
+	"net"
+	"time"
+
 	log "github.com/sirupsen/logrus"
 	"golang.zx2c4.com/wireguard/conn"
 	"golang.zx2c4.com/wireguard/device"
 	"golang.zx2c4.com/wireguard/tun"
 	"golang.zx2c4.com/wireguard/wgctrl"
 	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
-	"net"
-	"time"
 )
 
 const (
@@ -148,12 +149,6 @@ func UpdateListenPort(iface string, newPort int) error {
 	return nil
 }
 
-func ifname(n string) []byte {
-	b := make([]byte, 16)
-	copy(b, []byte(n+"\x00"))
-	return b
-}
-
 // UpdatePeer updates existing Wireguard Peer or creates a new one if doesn't exist
 // Endpoint is optional
 func UpdatePeer(iface string, peerKey string, allowedIps string, keepAlive time.Duration, endpoint string) error {
diff --git a/iface/nat_linux.go b/iface/nat_linux.go
deleted file mode 100644
index 22ebd64e026..00000000000
--- a/iface/nat_linux.go
+++ /dev/null
@@ -1,85 +0,0 @@
-package iface
-
-import (
-	"github.com/google/nftables"
-	"github.com/google/nftables/expr"
-	log "github.com/sirupsen/logrus"
-	"github.com/vishvananda/netns"
-	"io/ioutil"
-)
-
-// Configure routing and IP masquerading
-//todo more docs on what exactly happens here and why it is needed
-func ConfigureNAT(primaryIface string) error {
-	log.Debugf("adding NAT / IP masquerading using nftables")
-	ns, err := netns.Get()
-	if err != nil {
-		return err
-	}
-
-	conn := nftables.Conn{NetNS: int(ns)}
-
-	log.Debugf("flushing nftable rulesets")
-	conn.FlushRuleset()
-
-	log.Debugf("setting up nftable rules for ip masquerading")
-
-	nat := conn.AddTable(&nftables.Table{
-		Family: nftables.TableFamilyIPv4,
-		Name:   "nat",
-	})
-
-	conn.AddChain(&nftables.Chain{
-		Name:     "prerouting",
-		Table:    nat,
-		Type:     nftables.ChainTypeNAT,
-		Hooknum:  nftables.ChainHookPrerouting,
-		Priority: nftables.ChainPriorityFilter,
-	})
-
-	post := conn.AddChain(&nftables.Chain{
-		Name:     "postrouting",
-		Table:    nat,
-		Type:     nftables.ChainTypeNAT,
-		Hooknum:  nftables.ChainHookPostrouting,
-		Priority: nftables.ChainPriorityNATSource,
-	})
-
-	conn.AddRule(&nftables.Rule{
-		Table: nat,
-		Chain: post,
-		Exprs: []expr.Any{
-			&expr.Meta{Key: expr.MetaKeyOIFNAME, Register: 1},
-			&expr.Cmp{
-				Op:       expr.CmpOpEq,
-				Register: 1,
-				Data:     ifname(primaryIface),
-			},
-			&expr.Masq{},
-		},
-	})
-
-	if err := conn.Flush(); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// Enables IP forwarding system property.
-// Mostly used when you setup one peer as a VPN server.
-func EnableIPForward() error {
-	f := "/proc/sys/net/ipv4/ip_forward"
-
-	content, err := ioutil.ReadFile(f)
-	if err != nil {
-		return err
-	}
-
-	if string(content) == "0\n" {
-		log.Info("enabling IP Forward")
-		return ioutil.WriteFile(f, []byte("1"), 0600)
-	}
-
-	return nil
-}