diff --git a/modules/proxy.nix b/modules/proxy.nix
index 34dcfc2..663bae6 100644
--- a/modules/proxy.nix
+++ b/modules/proxy.nix
@@ -47,6 +47,9 @@ let
 mkSocatService = port: proto:
+ let
+ isPrivileged = port < 1024;
+ in
 lib.nameValuePair "socat-${proto}-${toString port}" {
 description = "Socat ${proto} proxy for port ${toString port}";
 after = [
@@ -63,7 +66,12 @@ let
 "${pkgs.socat}/bin/socat TCP-LISTEN:${toString port},fork,reuseaddr TCP:${upstream}:${toString port}";
 Restart = "on-failure";
 RestartSec = "5s";
+ }
+ // lib.optionalAttrs (!isPrivileged) {
 DynamicUser = true;
+ }
+ // lib.optionalAttrs isPrivileged {
+ User = "nobody";
 AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
 CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
 };
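Review bot: The new `isPrivileged = port < 1024;` binding hard-codes the threshold without saying what it encodes, and a reader touching this later has no cue that it mirrors the kernel's privileged-port boundary rather than a project choice. A one-line comment would settle it, e.g. `# Ports below 1024 need CAP_NET_BIND_SERVICE (the kernel default for net.ipv4.ip_unprivileged_port_start).` If a host lowers that sysctl the check here still grants the capability for ports under 1024, which errs on the permissive side; worth stating in the same comment. The body of mkSocatService continues past the end of this hunk.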
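Review bot: The `isPrivileged` branch replaces `DynamicUser = true` with `User = "nobody"`, which drops the hardening that DynamicUser= implies (NoNewPrivileges, PrivateTmp, ProtectSystem=strict, ProtectHome, RemoveIPC) and runs every privileged-port proxy under a single account shared with anything else on the host that uses `nobody`. As far as I know `AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ]` works together with `DynamicUser = true`, and the context lines show the removed arrangement already combined the two in one attribute set, so the split looks unnecessary: keep `DynamicUser = true;` in the common block and reduce the conditional part to `// lib.optionalAttrs isPrivileged { AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ]; CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ]; }`. If the change was motivated by an observed bind failure with DynamicUser, that should be recorded in a comment next to `User = "nobody"` so the weaker isolation is a documented trade-off. The unprivileged branch also leaves `CapabilityBoundingSet` unset; adding `CapabilityBoundingSet = [ ];` there would make the no-capabilities intent explicit.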