diff --git a/inside.go b/inside.go
index 3f7cd19e..a4413aa0 100644
--- a/inside.go
+++ b/inside.go
@@ -235,7 +235,7 @@ func (f *Interface) sendMessageNow(t header.MessageType, st header.MessageSubTyp
 }
 // check if packet is in outbound fw rules
- dropReason := f.firewall.Drop(*fp, nil, false, hostinfo, f.pki.GetCAPool(), nil)
+ dropReason := f.firewall.Drop(*fp, p, false, hostinfo, f.pki.GetCAPool(), nil)
 if dropReason != nil {
 if f.l.Level >= logrus.DebugLevel {
 f.l.WithField("fwPacket", fp).
diff --git a/interface.go b/interface.go
index 83d313b5..0acbc147 100644
--- a/interface.go
+++ b/interface.go
@@ -56,7 +56,6 @@ type Interface struct {
 inside overlay.Device
 pki *PKI
 firewall *Firewall
- snatAddr netip.Addr
 connectionManager *connectionManager
 handshakeManager *HandshakeManager
 serveDns bool
diff --git a/overlay/tun_linux.go b/overlay/tun_linux.go
index f8e41710..9e6a7581 100644
--- a/overlay/tun_linux.go
+++ b/overlay/tun_linux.go
@@ -436,7 +436,7 @@ func (t *tun) Activate() error {
 return fmt.Errorf("failed to set default route MTU for %s: %w", t.vpnNetworks[i], err)
 }
 }
- //TODO snat and be snatted
+
 if t.unsafeIPv4Origin.IsValid() {
 if err = t.setDefaultRoute(t.unsafeIPv4Origin); err != nil {
 return fmt.Errorf("failed to set default route MTU for %s: %w", t.unsafeIPv4Origin, err)
@@ -475,10 +475,7 @@ func (t *tun) setSnatRoute() error {
 nr := netlink.Route{
 LinkIndex: t.deviceIndex,
 Dst: dr,
- //todo do we need these other options? //MTU: t.DefaultMTU, //AdvMSS: t.advMSS(Route{}), Scope: unix.RT_SCOPE_LINK,
+ Scope: unix.RT_SCOPE_LINK,
 //Protocol: unix.RTPROT_KERNEL,
 Table: unix.RT_TABLE_MAIN,
 Type: unix.RTN_UNICAST,
diff --git a/snat_test.go b/snat_test.go
index 14d55f4a..708d96a0 100644
--- a/snat_test.go
+++ b/snat_test.go
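Review bot: The comment `// check if packet is in outbound fw rules` above the changed Drop call now understates what the call does: the hunk hands the real packet buffer `p` to Drop where it used to pass nil, which only makes sense if Drop reads or rewrites the packet (the snat_test.go hunks in this same commit suggest SNAT port assignment lives in the firewall). If Drop can rewrite `p` in place, say so at the call site, e.g. `// Drop may rewrite p in place (SNAT); fp still describes the pre-rewrite header`, so later code in sendMessageNow that logs or inspects `fp` is not assumed to match the bytes that go on the wire. It is also worth confirming that any other Drop caller still passing nil for the packet cannot reach the SNAT path, since a nil buffer there would presumably fault in the packet path rather than drop cleanly. sendMessageNow starts and ends outside the hunk.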
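Review bot: `//Protocol: unix.RTPROT_KERNEL,` in setSnatRoute survives the cleanup even though the hunk removes the other commented-out route options (`//MTU`, `//AdvMSS`) and the `//todo` asking whether they are needed, so the struct literal still reads as unfinished. Either delete that line as well or replace it with a one-line reason the route protocol is deliberately left at the library default, e.g. `// Protocol intentionally left at the netlink library default`. Not changed by this commit but visible in the Activate hunk: the error returned after `t.setDefaultRoute(t.unsafeIPv4Origin)` still says `failed to set default route MTU for %s`, which looks copied from the MTU branch above it and will mislead whoever reads that log line. setSnatRoute's body continues past the hunk.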
@@ -422,7 +422,7 @@ func TestFirewall_FindUsableSNATPort(t *testing.T) {
 RemotePort: 12345,
 Protocol: firewall.ProtoUDP,
 }
- cn := &conn{}
+ cn := &conn{snat: &snatInfo{}}
 err := fw.findUsableSNATPort(&fp, cn)
 require.NoError(t, err)
 // Port should have been assigned
@@ -448,7 +448,7 @@ func TestFirewall_FindUsableSNATPort(t *testing.T) {
 fw.Conntrack.Conns[fp] = &conn{}
 fw.Conntrack.Unlock()
 
- cn := &conn{}
+ cn := &conn{snat: &snatInfo{}}
 err := fw.findUsableSNATPort(&fp, cn)
 require.NoError(t, err)
 assert.NotEqual(t, uint16(12345), fp.RemotePort, "should pick a different port")
@@ -479,7 +479,7 @@ func TestFirewall_FindUsableSNATPort(t *testing.T) {
 // Try to find a port starting from 0x8000
 fp := baseFP
 fp.RemotePort = 0x8000
- cn := &conn{}
+ cn := &conn{snat: &snatInfo{}}
 err := fw.findUsableSNATPort(&fp, cn)
 assert.ErrorIs(t, err, ErrCannotSNAT)
 })
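Review bot: All three hunks in TestFirewall_FindUsableSNATPort now build the conn as `&conn{snat: &snatInfo{}}`, which implies findUsableSNATPort dereferences `cn.snat` and would panic on the bare `&conn{}` the tests used before; the hunks at -448 and -479 make the same change. Nothing here pins down what happens when a conn without a snat record reaches findUsableSNATPort, and in the packet path a nil dereference is a crash of the whole process rather than a dropped packet. Add a case that calls `fw.findUsableSNATPort(&fp, &conn{})` and asserts the intended outcome (an error, or `cn.snat` being initialised by the call), or document on findUsableSNATPort that callers must supply `cn.snat`. The occupying entry `fw.Conntrack.Conns[fp] = &conn{}` in the -448 hunk is left without snat, which is fine if only its presence matters, but deserves a comment if that assumption is load-bearing. findUsableSNATPort itself is not in this diff, so whether it guards nil is inferred, not seen.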