diff --git a/nixos/modules/services/networking/nat.nix b/nixos/modules/services/networking/nat.nix
index e8d9d00cc0a2..b6fa3b79eb2f 100644
--- a/nixos/modules/services/networking/nat.nix
+++ b/nixos/modules/services/networking/nat.nix
@@ -75,6 +75,17 @@ in
         '';
     };
 
+    networking.nat.forwardPorts = mkOption {
+      type = types.listOf types.attrs;
+      default = [];
+      example = [ { sourcePort = 8080; destination = "10.0.0.1:80"; } ];
+      description =
+        ''
+          List of forwarded ports from the external interface to
+          internal destinations by using DNAT.
+        '';
+    };
+
   };
 
 
@@ -118,6 +129,14 @@ in
                 -s '${range}' -o ${cfg.externalInterface} ${dest}
             '') cfg.internalIPs}
 
+            # NAT from external ports to internal ports.
+            ${concatMapStrings (fwd: ''
+              iptables -w -t nat -A PREROUTING \
+                -i ${cfg.externalInterface} -p tcp \
+                --dport ${builtins.toString fwd.sourcePort} \
+                -j DNAT --to-destination ${fwd.destination}
+            '') cfg.forwardPorts}
+
             echo 1 > /proc/sys/net/ipv4/ip_forward
           '';