diff --git a/setup/start.sh b/setup/start.sh
index 018fb9f10..efd0d92c6 100755
--- a/setup/start.sh
+++ b/setup/start.sh
@@ -40,7 +40,14 @@ usermod ${USER} -a -G docker
 
 if ! grep -q ip6tables /etc/systemd/system/docker.service.d/cloudron.conf; then
     log "Adding ip6tables flag to docker" # https://github.com/moby/moby/pull/41622
-    echo -e "[Service]\nExecStart=\nExecStart=/usr/bin/dockerd -H fd:// --log-driver=journald --exec-opt native.cgroupdriver=cgroupfs --storage-driver=overlay2 --experimental --ip6tables" > /etc/systemd/system/docker.service.d/cloudron.conf
+    echo -e "[Service]\nExecStart=\nExecStart=/usr/bin/dockerd -H fd:// --log-driver=journald --exec-opt native.cgroupdriver=cgroupfs --storage-driver=overlay2 --experimental --ip6tables --userland-proxy=false" > /etc/systemd/system/docker.service.d/cloudron.conf
+    systemctl daemon-reload
+    systemctl restart docker
+fi
+
+if ! grep -q userland-proxy /etc/systemd/system/docker.service.d/cloudron.conf; then
+    log "Adding userland-proxy=false to docker" # https://github.com/moby/moby/pull/41622
+    echo -e "[Service]\nExecStart=\nExecStart=/usr/bin/dockerd -H fd:// --log-driver=journald --exec-opt native.cgroupdriver=cgroupfs --storage-driver=overlay2 --experimental --ip6tables --userland-proxy=false" > /etc/systemd/system/docker.service.d/cloudron.conf
     systemctl daemon-reload
     systemctl restart docker
 fi
diff --git a/src/docker.js b/src/docker.js
index cd6b5ee43..d4560456a 100644
--- a/src/docker.js
+++ b/src/docker.js
@@ -289,16 +289,25 @@ async function createSubcontainer(app, name, cmd, options) {
         const portType = (manifest.tcpPorts && portName in manifest.tcpPorts) ? 'tcp' : 'udp';
         const ports = portType == 'tcp' ? manifest.tcpPorts : manifest.udpPorts;
 
-        const containerPort = ports[portName].containerPort || hostPort;
+        let portCount = 1;
+        if (portName === 'sfuTcp' || portName === 'sfuUdp') portCount = 100;
+
+        const containerPort = ports[portName].containerPort || hostPort;
+        const hostIps = hostPort === 53 ? getAddressesForPort53() : [ '0.0.0.0', '::0' ]; // port 53 is special because it is possibly taken by systemd-resolved
 
-        // docker portBindings requires ports to be exposed
-        exposedPorts[`${containerPort}/${portType}`] = {};
         portEnv.push(`${portName}=${hostPort}`);
 
-        const hostIps = hostPort === 53 ? getAddressesForPort53() : [ '0.0.0.0', '::0' ]; // port 53 is special because it is possibly taken by systemd-resolved
-        dockerPortBindings[`${containerPort}/${portType}`] = hostIps.map(hip => { return { HostIp: hip, HostPort: hostPort + '' }; });
+        // docker portBindings requires ports to be exposed
+        for (let i = 0; i < portCount; ++i) {
+            exposedPorts[`${containerPort+i}/${portType}`] = {};
+            dockerPortBindings[`${containerPort+i}/${portType}`] = hostIps.map(hip => { return { HostIp: hip, HostPort: (hostPort + i) + '' }; });
+        }
     }
 
+    console.log('=== env', portEnv)
+    console.log('=== bindings', dockerPortBindings)
+    console.log('=== exposedPorts', exposedPorts)
+
     const appEnv = [];
     Object.keys(app.env).forEach(function (name) { appEnv.push(`${name}=${app.env[name]}`); });