diff --git a/ansible/group_vars/all/seed b/ansible/group_vars/all/seed
index decdd2a52a6ae3752bde4f805558e71e969df608..3bea81566c91e4ee8bc3df5180ff04b9419dc76a 100644
--- a/ansible/group_vars/all/seed
+++ b/ansible/group_vars/all/seed
@@ -23,6 +23,9 @@ seed_default_network_interfaces: >
 # List of extra networks to which seed nodes are attached.
 seed_extra_network_interfaces: []
 
+# Whether to enable SNAT on seed nodes. Default is false.
+seed_enable_snat: false
+
 ###############################################################################
 # Seed node software RAID configuration.
 
diff --git a/ansible/ip-routing.yml b/ansible/ip-routing.yml
index e3627d37768262d4d9e4b16989cd3c2058cb4a98..f9d3bbd7286d30f2cd3d04e49594cfa302ce778d 100644
--- a/ansible/ip-routing.yml
+++ b/ansible/ip-routing.yml
@@ -7,3 +7,4 @@
     - ip-routing
   roles:
     - role: ip-routing
+      when: seed_enable_snat | bool
diff --git a/ansible/snat.yml b/ansible/snat.yml
index 311f3c0453298a91c3fdb4c988886afdd1f98dec..feab9e0411892f9c05f24d276e33c870108d9b38 100644
--- a/ansible/snat.yml
+++ b/ansible/snat.yml
@@ -11,3 +11,4 @@
         source_ip: "{{ ansible_facts.default_ipv4.address }}"
   roles:
     - role: snat
+      when: seed_enable_snat | bool
diff --git a/etc/kayobe/seed.yml b/etc/kayobe/seed.yml
index 35f2aadaaea899f68a3b4fc5ec5551c4081c6b4d..7246fbd0abb576c6d1baa5965b875599a5124de2 100644
--- a/etc/kayobe/seed.yml
+++ b/etc/kayobe/seed.yml
@@ -18,6 +18,9 @@
 # List of extra networks to which seed nodes are attached.
 #seed_extra_network_interfaces:
 
+# Whether to enable SNAT on seed nodes. Default is false.
+#seed_enable_snat:
+
 ###############################################################################
 # Seed node software RAID configuration.
 
diff --git a/releasenotes/notes/seed-disable-snat-4d1e7899456f7561.yaml b/releasenotes/notes/seed-disable-snat-4d1e7899456f7561.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..263aa1183f8462dfee3ff819c6d9644d506fc4e4
--- /dev/null
+++ b/releasenotes/notes/seed-disable-snat-4d1e7899456f7561.yaml
@@ -0,0 +1,5 @@
+---
+features:
+  - |
+    Adds a new variable ``seed_enable_snat`` that allows users to enable SNAT
+    service on the seed. The default value is ``false``.