diff --git a/modules/proxy.nix b/modules/proxy.nix
index 85993e7..34dcfc2 100644
--- a/modules/proxy.nix
+++ b/modules/proxy.nix
@@ -56,11 +56,16 @@ let
       wants = [ "network-online.target" ];
       wantedBy = [ "multi-user.target" ];
       serviceConfig = {
-        ExecStart = "${pkgs.socat}/bin/socat ${lib.toUpper proto}-LISTEN:${toString port},fork,reuseaddr ${lib.toUpper proto}:${upstream}:${toString port}";
+        ExecStart =
+          if proto == "udp" then
+            "${pkgs.socat}/bin/socat UDP-RECVFROM:${toString port},fork,reuseaddr UDP:${upstream}:${toString port}"
+          else
+            "${pkgs.socat}/bin/socat TCP-LISTEN:${toString port},fork,reuseaddr TCP:${upstream}:${toString port}";
         Restart = "on-failure";
         RestartSec = "5s";
         DynamicUser = true;
         AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
+        CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
       };
     };