diff --git a/src/AdminCabinet/Forms/NetworkEditForm.php b/src/AdminCabinet/Forms/NetworkEditForm.php
index bc9537892..cbc6eddb8 100644
--- a/src/AdminCabinet/Forms/NetworkEditForm.php
+++ b/src/AdminCabinet/Forms/NetworkEditForm.php
@@ -19,6 +19,7 @@
 
 namespace MikoPBX\AdminCabinet\Forms;
 
+use MikoPBX\Common\Models\LanInterfaces;
 use MikoPBX\Common\Models\PbxSettings;
 use MikoPBX\Common\Models\PbxSettingsConstants;
 use MikoPBX\Common\Providers\TranslationProvider;
@@ -63,7 +64,7 @@ public function initialize($entity = null, $options = null): void
 
         // topology
         $cheskArr = ['value' => null];
-        if ($entity->topology == 'private') {
+        if ($entity->topology == LanInterfaces::TOPOLOGY_PRIVATE) {
             $cheskArr = ['checked' => 'checked', 'value' => null];
         }
         $this->add(new Check('usenat', $cheskArr));
diff --git a/src/Core/System/DockerEntrypoint.php b/src/Core/System/DockerEntrypoint.php
index 30388a779..41a3b478a 100644
--- a/src/Core/System/DockerEntrypoint.php
+++ b/src/Core/System/DockerEntrypoint.php
@@ -21,6 +21,7 @@
 
 use Error;
 use JsonException;
+use MikoPBX\Common\Models\LanInterfaces;
 use MikoPBX\Common\Models\PbxSettingsConstants;
 use Phalcon\Di;
 use ReflectionClass;
@@ -227,6 +228,11 @@ private function applyEnvironmentSettings(): void
                     case PbxSettingsConstants::GNATS_HTTP_PORT:
                         $this->updateJsonSettings('gnats', 'httpPort', intval($envValue));
                         break;
+                    case PbxSettingsConstants::ENABLE_USE_NAT:
+                        if ($envValue==='1'){
+                            $this->enableNat();
+                        }
+                        break;
                     default:
                         $this->updateDBSetting($dbKey, $envValue);
                         break;
@@ -235,6 +241,29 @@ private function applyEnvironmentSettings(): void
         }
     }
 
+    /**
+     * Updates the topology of LAN interfaces designated as public (internet-facing) to private
+     * by executing an SQLite update command directly via the shell.
+     *
+     * This method finds the path of the SQLite3 executable and constructs a command to update
+     * the `topology` field of all entries in the `m_LanInterfaces` table where `internet` is '1'.
+     * The new topology value is set from the `LanInterfaces::TOPOLOGY_PRIVATE` constant.
+     *
+     */
+    private function enableNat(): void
+    {
+        $sqlite3 = Util::which('sqlite3');
+        $dbPath =  self::PATH_DB;
+        $out = [];
+        $private = LanInterfaces::TOPOLOGY_PRIVATE;
+        $command = "$sqlite3 $dbPath \"UPDATE m_LanInterfaces SET topology='$private' WHERE internet='1'\"";
+        $res = Processes::mwExec($command, $out);
+        if ($res === 0) {
+            SystemMessages::sysLogMsg(__METHOD__, " - Update topology to '$private' in m_LanInterfaces", LOG_INFO);
+        } else {
+            SystemMessages::sysLogMsg(__METHOD__, " - Update topology failed: " . implode($out) . PHP_EOL . 'Command:' . PHP_EOL . $command, LOG_ERR);
+        }
+    }
     /**
      * Updates the specified setting in the JSON configuration file.
      * @param string $path The JSON path where the setting is stored.
@@ -264,7 +293,7 @@ private function updateDBSetting(string $key, string $newValue): void
             $command = "$sqlite3 $dbPath \"UPDATE m_PbxSettings SET value='$newValue' WHERE key='$key'\"";
             $res = Processes::mwExec($command, $out);
             if ($res === 0) {
-                SystemMessages::sysLogMsg(__METHOD__, " - Update $key to '$newValue' in DB", LOG_INFO);
+                SystemMessages::sysLogMsg(__METHOD__, " - Update $key to '$newValue' in m_PbxSettings", LOG_INFO);
             } else {
                 SystemMessages::sysLogMsg(__METHOD__, " - Update $key failed: " . implode($out) . PHP_EOL . 'Command:' . PHP_EOL . $command, LOG_ERR);
             }
diff --git a/src/Core/System/Network.php b/src/Core/System/Network.php
index d90dddc2f..79bfda003 100644
--- a/src/Core/System/Network.php
+++ b/src/Core/System/Network.php
@@ -20,6 +20,8 @@
 namespace MikoPBX\Core\System;
 
 use MikoPBX\Common\Models\LanInterfaces;
+use MikoPBX\Common\Models\PbxSettings;
+use MikoPBX\Common\Models\PbxSettingsConstants;
 use MikoPBX\Core\Utilities\SubnetCalculator;
 use MikoPBX\PBXCoreREST\Lib\Sysinfo\GetExternalIpInfoAction;
 use Phalcon\Di\Injectable;
@@ -200,7 +202,10 @@ public function getGeneralNetSettings(): array
             /** @var LanInterfaces $eth_settings */
             $eth_settings = LanInterfaces::findFirst("disabled='0'");
             if ($eth_settings !== null) {
-                $eth_settings->internet = 1;
+                $eth_settings->internet = '1';
+                if (PbxSettings::getValueByKey(PbxSettingsConstants::ENABLE_USE_NAT)==='1'){
+                    $eth_settings->topology=LanInterfaces::TOPOLOGY_PRIVATE;
+                }
                 $eth_settings->save();
             }
         }