diff --git a/site-modules/profile/manifests/network.pp b/site-modules/profile/manifests/network.pp
index 70ec6b32..6c059129 100644
--- a/site-modules/profile/manifests/network.pp
+++ b/site-modules/profile/manifests/network.pp
@@ -1,47 +1,49 @@
 # Network configuration for Software Heritage servers
 #
 # Supports one private and one public interface
 class profile::network {
 debnet::iface::loopback { 'lo': }
 $interfaces = lookup('networks')
 each($interfaces) |$label, $data| {
 if $label == 'private' {
 file_line {'private route table':
 ensure => 'present',
 line => '42 private',
 path => '/etc/iproute2/rt_tables',
 }
 $ups = [
 "ip route add 192.168.101.0/24 via ${data['gateway']}",
 "ip route add 192.168.200.0/21 via ${data['gateway']}",
 "ip rule add from ${data['address']} table private",
+ "ip route add 192.168.100.0/24 src ${data['address']} dev ${data['interface']} table private",
 "ip route add default via ${data['gateway']} dev ${data['interface']} table private",
 'ip route flush cache',
 ]
 $downs = [
 "ip route del default via ${data['gateway']} dev ${data['interface']} table private",
+ "ip route del 192.168.100.0/24 src ${data['address']} dev ${data['interface']} table private",
 "ip rule del from ${data['address']} table private",
 "ip route del 192.168.200.0/24 via ${data['gateway']}",
 "ip route del 192.168.101.0/24 via ${data['gateway']}",
 'ip route flush cache',
 ]
 $gateway = undef
 } else {
 $ups = []
 $downs = []
 $gateway = $data['gateway']
 }
 debnet::iface { $data['interface']:
 method => 'static',
 address => $data['address'],
 netmask => $data['netmask'],
 gateway => $gateway,
 ups => $ups,
 downs => $downs,
 }
 }
 }
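Review bot: The two added `ip route … 192.168.100.0/24 src ${data['address']} … table private` entries hard-code the private subnet, while every other per-host value in `$ups`/`$downs` is taken from `$data`; a host whose `private` entry sits on a different prefix would get an on-link route in table `private` that does not match its own address. If the lookup data can carry the prefix, derive it from there; otherwise name the literal once in a variable and add a comment such as `# connected route in table private so traffic sourced from the private address stays on-link`, so the up and down commands cannot drift apart. Related, in the unchanged context of the same arrays: the up list adds `192.168.200.0/21` but the down list deletes `192.168.200.0/24`, so that delete presumably fails and the /21 route is left behind after the interface goes down; the down entry should read `"ip route del 192.168.200.0/21 via ${data['gateway']}",`.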