When using DynamicUser, the process's user and group are allocated a UID/GID between 61184 and 65519. For a non-root process (UID/GID ≥ 1) on Linux to open ports below 1024, it needs the CAP_NET_BIND_SERVICE capability, which is usually not present in the execution environment. Luckily, systemd lets you add capabilities to the ambient capability set using AmbientCapabilities.
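A unit file that combines the two settings described above, as an added example rather than a unit from the original page. The unit name, binary path and `--listen` flag are hypothetical, and the `CapabilityBoundingSet=` line is extra hardening that the page does not mention.

```ini
# /etc/systemd/system/example-web.service  (hypothetical unit name)
[Unit]
Description=Example service binding a privileged port as a dynamic user
After=network.target

[Service]
# Hypothetical binary and flag; substitute the real server command line.
ExecStart=/usr/local/bin/example-web --listen 0.0.0.0:443

# systemd allocates a transient user and group for the lifetime of the
# service instead of running it as root or as a statically created account.
DynamicUser=yes

# Put CAP_NET_BIND_SERVICE into the ambient set so the non-root process
# keeps it across execve() and can bind ports below 1024.
AmbientCapabilities=CAP_NET_BIND_SERVICE

# Added hardening (assumption, not from the page): restrict the bounding
# set to the same single capability so the service cannot acquire others.
CapabilityBoundingSet=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target
```

Once the service is running, the `CapAmb:` line in `/proc/<MainPID>/status` should read `0000000000000400` (bit 10 is CAP_NET_BIND_SERVICE), and the `Uid:` line should show a value in the dynamic range.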