diff --git a/README.md b/README.md
index 8dd5078..9b967de 100644
--- a/README.md
+++ b/README.md
@@ -35,6 +35,7 @@ Before using this module, you'll need to generate a key pair for your server and
 |`wg_server_private_key_param`|`string`|Optional - defaults to `/wireguard/wg-server-private-key`|The Parameter Store key to use for the VPN server Private Key.|
 |`ami_id`|`string`|Optional - defaults to the newest Ubuntu 16.04 AMI|AMI to use for the VPN server.|
 |`wg_server_interface`|`string`|Optional - defaults to eth0|Server interface to route traffic to for installations forwarding traffic to private networks.|
+|`forward_traffic`|`string`|Optional - defaults to false|Will this server be used to forward trafic to a local network.|
 ## Examples
diff --git a/main.tf b/main.tf
index 78095d7..a5c89ca 100644
--- a/main.tf
+++ b/main.tf
@@ -8,6 +8,7 @@ data "template_file" "user_data" {
 peers = join("\n", data.template_file.wg_client_data_json.*.rendered)
 eip_id = var.eip_id
 wg_server_interface = var.wg_server_interface
+ forward_traffic = var.forward_traffic
 }
 }
diff --git a/templates/user-data.txt b/templates/user-data.txt
index 29dd1d6..9c0d7b0 100644
--- a/templates/user-data.txt
+++ b/templates/user-data.txt
@@ -15,10 +15,15 @@
 ${peers}
 EOF
 # we go with the eip if it is provided
-if [ "${eip_id}" != "disabled" ]; then
+if [ "${eip_id}" != "disabled" ] || [ "${forward_traffic}" == "true" ]; then
 export INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id)
 export REGION=$(curl -fsq http://169.254.169.254/latest/meta-data/placement/availability-zone | sed 's/[a-z]$//')
- aws --region $${REGION} ec2 associate-address --allocation-id ${eip_id} --instance-id $${INSTANCE_ID}
+ if [ "${eip_id}" != "disabled" ]; then
+ aws --region $${REGION} ec2 associate-address --allocation-id ${eip_id} --instance-id $${INSTANCE_ID}
+ fi
+ if [ "${forward_traffic}" == "true" ]; then
+ aws ec2 modify-instance-attribute --no-source-dest-check --instance-id $${INSTANCE_ID} --region $${REGION}
+ fi
 fi
 chown -R root:root /etc/wireguard/
diff --git a/variables.tf b/variables.tf
index ee3fa84..f89ebf5 100644
--- a/variables.tf
+++ b/variables.tf
@@ -87,3 +87,8 @@ variable "wg_server_interface" {
 default = "eth0"
 description = "The default interface to forward network traffic to."
 }
+
+variable "forward_traffic" {
+ default = "false"
+ description = "Will this WireGuard server forward traffic to other hosts on the network?"
+}
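Review bot: The new `aws ec2 modify-instance-attribute --no-source-dest-check` call has no status check, so if it fails (the instance profile now needs `ec2:ModifyInstanceAttribute`, which this diff does not add anywhere visible) the host is configured as a forwarder at the WireGuard level but still drops forwarded packets at the VPC level, and user-data carries on silently; append `|| { echo "disabling source/dest check failed" >&2; exit 1; }` to it, and the same guard fits the `associate-address` line now that both sit in their own `if`. Both new branches also trust `INSTANCE_ID` and `REGION` from the pre-existing `curl -s` IMDS lookups, which return empty strings on failure (including an IMDSv2-only instance, if the module enforces tokens elsewhere), so add `[ -n "$${INSTANCE_ID}" ] && [ -n "$${REGION}" ] || exit 1` before the nested ifs. Disabling source/destination checking turns the instance into a general packet forwarder, so a comment such as `# src/dst check off: forwarding is now bounded only by the security group and host firewall rules` would help the next maintainer; `==` inside `[ ]` is also a bash extension, and `=` is the portable spelling if the script's shebang (outside this hunk) is `/bin/sh`.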
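Review bot: `forward_traffic` is declared untyped with the string default `"false"`, so a caller passing `true`, `True` or `1` is accepted by Terraform but never matches the `== "true"` comparison in the user-data template, leaving forwarding silently off. Declaring it as `type = bool` with `default = false` and rendering it in main.tf as `forward_traffic = tostring(var.forward_traffic)` keeps the template comparison intact while rejecting bad values at plan time. The description could also state the consequence, e.g. `"When true, disables the instance's EC2 source/destination check so it can forward traffic to other hosts on the network."`, since that is the security-relevant effect the flag has.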