diff --git a/roles/ap/files/dnsmasq.conf b/roles/ap/files/dnsmasq.conf
index 59a7146..2e61ca3 100644
--- a/roles/ap/files/dnsmasq.conf
+++ b/roles/ap/files/dnsmasq.conf
@@ -1,7 +1,7 @@
 interface=wlan0
 dhcp-range=10.250.250.2,10.250.250.6,255.255.255.248,24h
 listen-address=10.250.250.1
-bind-interfaces
+#bind-interfaces
 server=8.8.8.8
 bogus-priv
-domain=demo.dsfinancial.com
\ No newline at end of file
+domain=demo.dsfinancial.com
diff --git a/roles/ap/tasks/main.yaml b/roles/ap/tasks/main.yaml
index f016138..e10a3af 100644
--- a/roles/ap/tasks/main.yaml
+++ b/roles/ap/tasks/main.yaml
@@ -65,32 +65,28 @@
 masked: no
 state: restarted
 tags: wireless_ap
-- name: enable ipv4.forwarding
- become: true
- sysctl:
- name: net.ipv4.ip_forward
- value: 1
- sysctl_set: yes
- state: present
- reload: yes
- tags: wireless_ap
-- name: copy fw config
- become: true
- copy:
- src: "{{ role_path }}/files/iptables.ipv4.nat"
- dest: "/etc/iptables.ipv4.nat"
- backup: yes
- owner: root
- group: root
- tags: wireless_ap
-- name: iptables-restore to rc.local
- lineinfile:
- path: "/etc/rc.local"
- state: present
- insertbefore: "exit 0"
- line: "iptables-restore < /etc/iptables.ipv4.nat"
- become: true
- tags: wireless_ap
+- name: lan to wlan
+ iptables:
+ chain: FORWARD
+ ctstate: ESTABLISHED,RELATED
+ jump: ACCEPT
+ in_interface: eth0
+ out_interface: wlan0
+ become: yes
+- name: wlan to lan
+ iptables:
+ chain: FORWARD
+ jump: ACCEPT
+ in_interface: wlan0
+ out_interface: eth0
+ become: yes
+- name: forwarding
+ iptables:
+ chain: POSTROUTING
+ out_interface: eth0
+ table: nat
+ jump: MASQUERADE
+ become: yes
 - name: restart dhcpcd
 become: true
 systemd:
diff --git a/roles/common/files/proc_check.sh b/roles/common/files/proc_check.sh
index ead18ce..55a13c3 100644
--- a/roles/common/files/proc_check.sh
+++ b/roles/common/files/proc_check.sh
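Review bot: In roles/ap/files/dnsmasq.conf, commenting out `bind-interfaces` makes dnsmasq bind the wildcard address and rely on its own per-request filtering for `interface=wlan0` and `listen-address=10.250.250.1`, so its listening sockets are also open on eth0. If the option was dropped because wlan0 is not yet up when dnsmasq starts (the commit does not say), `bind-dynamic` keeps per-interface binding while tolerating interfaces that appear later. Either way, replace the dead `#bind-interfaces` line with a comment stating the reason, for example `# bind-dynamic: wlan0 may come up after dnsmasq starts`.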
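Review bot: In roles/ap/tasks/main.yaml, the `lan to wlan` rule accepts only ESTABLISHED,RELATED traffic, but nothing in this hunk sets the FORWARD policy or a final drop rule, so under the default ACCEPT policy new connections from eth0 to wlan0 are still forwarded and the two ACCEPT rules filter nothing. The hunk also removes the `net.ipv4.ip_forward` sysctl task and the rc.local `iptables-restore` line, while the `iptables` module only edits the running ruleset; unless both are handled outside this hunk, routing and NAT will not survive a reboot, and an already-provisioned host will presumably still restore the old `/etc/iptables.ipv4.nat` from rc.local. The three new tasks drop `tags: wireless_ap` and use `become: yes` where the neighbouring tasks use `become: true`, so a run limited to that tag would skip the firewall rules. I would keep the sysctl task, add a persistence step, restore the tag on each new task, and, if stateful filtering is the intent, add a policy task as sketched below. The `restart dhcpcd` task continues past the end of the hunk.

```yaml
# … unchanged: "lan to wlan", "wlan to lan" and "forwarding" tasks,
#   each with `become: true` and `tags: wireless_ap` added …

# Without a default-drop policy the ESTABLISHED,RELATED match above
# does not restrict anything; set it after the ACCEPT rules exist.
- name: default-drop forwarded traffic
  iptables:
    chain: FORWARD
    policy: DROP
  become: true
  tags: wireless_ap
```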
@@ -1,6 +1,6 @@ #!/bin/bash -/usr/bin/killall chromium-browser -/usr/bin/killall chromium-browser -/usr/bin/killall chromium-browser -systemctl restart ntopng +sudo /usr/bin/killall chromium-browser +sudo /usr/bin/killall chromium-browser +sudo /usr/bin/killall chromium-browser +sudo systemctl restart ntopng
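Review bot: Prefixing every command with `sudo` makes this script depend on a sudoers rule that is not part of this hunk; if it runs unattended (cron or a service, not visible here) a missing or password-protected rule will block on a prompt, so use `sudo -n /usr/bin/killall chromium-browser` to fail fast instead. That rule should be limited to exactly these commands rather than blanket NOPASSWD access, which also means giving `systemctl` an absolute path to match the `/usr/bin/killall` lines. A one-line comment explaining why `killall` is issued three times would help too, since the repeats read as accidental.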