diff --git a/nix/os/devices/router0-dmz0/configuration.nix b/nix/os/devices/router0-dmz0/configuration.nix
index 4d82178..33a6ed3 100644
--- a/nix/os/devices/router0-dmz0/configuration.nix
+++ b/nix/os/devices/router0-dmz0/configuration.nix
@@ -87,13 +87,16 @@
 then bridgeInterfaceName else "${bridgeInterfaceName}.${toString vlanid}";
- dmzExposedHost = "sj-srv1.dmz.internal";
+ dmzExposedHost = "sj-srv1";
+ dmzExposedHostDomain = "dmz.internal";
+ dmzExposedHostFQDN = "${dmzExposedHost}.${dmzExposedHostDomain}";
 dmzExposedHostIpv4 = mkVlanIpv4HostAddr {
 vlanid = vlansByName.dmz.id;
 host = 99;
 cidr = false;
 };
- # "sj-srv1.dmz.internal";
+
+ dmzExposedHostMACaddr = repoFlake.nixosConfigurations.${dmzExposedHost}.config.systemd.network.netdevs."10-dmz0".netdevConfig.MACAddress;
 in {
 imports = [
 nixos-sbc.nixosModules.default
@@ -1126,8 +1129,11 @@ in {
 ) vlanRangeWith0;
- # TODO: double-check that this works
- dhcp-host = "1c:69:7a:07:08:5f,${dmzExposedHostIpv4},${dmzExposedHost}";
+ dhcp-host = builtins.concatStringsSep "," [
+ dmzExposedHostMACaddr
+ dmzExposedHostIpv4
+ dmzExposedHostFQDN
+ ];
 expand-hosts = true;
diff --git a/nix/os/devices/sj-srv1/system.nix b/nix/os/devices/sj-srv1/system.nix
index 985ed24..a6498a4 100644
--- a/nix/os/devices/sj-srv1/system.nix
+++ b/nix/os/devices/sj-srv1/system.nix
@@ -25,12 +25,12 @@
 networking.usePredictableInterfaceNames = false;
 networking.useNetworkd = true;
- networking.useDHCP = true;
+ networking.useDHCP = false;
 networking.nat = {
 enable = true;
- externalInterface = "eth0";
 internalInterfaces = ["br0"];
+ externalInterface = "dmz0";
 };
 networking.bridges = {
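Review bot: The new `dmzExposedHostMACaddr` binding near the end of the `let` block reads the MAC out of another machine's evaluated configuration, and nothing on the line says so. Evaluating the router now forces evaluation of the `sj-srv1` entry in `repoFlake.nixosConfigurations`, and the lookup depends on the short host name doubling as the flake attribute name and on the netdev key `"10-dmz0"` staying unchanged. A mismatch should fail at evaluation time rather than produce a wrong lease, which is the safe direction, but the coupling deserves a comment such as `# MAC is taken from sj-srv1's own config (netdev "10-dmz0"); renaming that netdev or the host attribute breaks router evaluation`. The `let` block begins outside the hunk.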
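Review bot: The `dhcp-host` entry pins the exposed host's address to a MAC address, and the commit removes the old `# TODO: double-check that this works` without leaving any explanation in its place. A MAC is a claimable identifier (here a software-set macvlan address), so the reserved lease goes to whichever device on the DMZ segment presents it; anything keyed on that address, presumably the forwarding rules for the exposed host, inherits that trust. I would record this next to the setting, e.g. `# reservation only, not access control: the address is handed to whoever presents this MAC`. The surrounding attribute set starts and ends outside the hunk.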
@@ -49,8 +49,40 @@
 };
 };
+ systemd.network.netdevs."10-dmz0" = {
+ enable = true;
+ netdevConfig = {
+ Name = "dmz0";
+ Kind = "macvlan";
+ MACAddress = "1c:69:7a:07:08:6f";
+ };
+
+ macvlanConfig = {
+ Mode = "bridge";
+ };
+ };
+
+ systemd.network.networks."20-eth0" = {
+ enable = true;
+ matchConfig.Name = "eth0";
+
+ # TODO: i'm not sure if and if so why this is required
+ macvlan = [
+ "dmz0"
+ ];
+
+ DHCP = "no";
+ };
+
+ systemd.network.networks."30-dmz0" = {
+ enable = true;
+ matchConfig.Name = "dmz0";
+ DHCP = "yes";
+ };
+
 boot.kernel.sysctl = {
 "net.ipv4.ip_forward" = 1;
+ "net.ipv6.ip_forward" = 1;
 };
 # virtualization
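Review bot: `"net.ipv6.ip_forward" = 1;` in the `boot.kernel.sysctl` block is not an existing kernel key, so this line does not switch IPv6 forwarding on; the IPv6 counterpart of `net.ipv4.ip_forward` is `"net.ipv6.conf.all.forwarding" = 1;`. Once forwarding does take effect, the `networking.nat` block in the previous hunk only covers IPv4 unless `enableIPv6` is set, so IPv6 traffic between `br0` and `dmz0` would be routed unmodified and needs its own forward-chain filtering. Separately, the `# TODO` above `macvlan = [ "dmz0" ]` can be resolved: that entry is what attaches the `dmz0` macvlan netdev to `eth0`, so it is required, and the comment could read `# attaches the dmz0 macvlan to this parent link`.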