diff --git a/run-udp2raw-with-non-root-account.md b/run-udp2raw-with-non-root-account.md new file mode 100644 index 0000000..be1fd31 --- /dev/null +++ b/run-udp2raw-with-non-root-account.md @@ -0,0 +1,16 @@ +It's not security secure to run udp2raw with root. This page demonstrates how to run udp2raw as a non-root account. + +You must have `setcap` as a prerequisite. `setcap` is shipped with most desktop linux distributions by defualt. But its seems to be missing on OpenWRT/LEDE. + +``` +sudo setcap cap_net_raw+ep udp2raw_amd64 + +./udp2raw_amd64 -s -l0.0.0.0:4096 -r 127.0.0.1:7777 -k "passwd" --raw-mode faketcp -g #use -g option instead of -a, then udp2raw will generate a iptables rule for you + +sudo iptables -I INPUT -p tcp -m tcp --dport 4096 -j DROP # add the generated iptables rule manually + +./udp2raw_amd64 -s -l0.0.0.0:4096 -r 127.0.0.1:7777 -k "passwd" --raw-mode faketcp #then run udp2raw without -g option + +``` + +It works for both client and server. \ No newline at end of file
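Review bot: The `sudo setcap cap_net_raw+ep udp2raw_amd64` line in the code block puts the capability on the file itself, so any local account that can execute that binary gets CAP_NET_RAW, and the page neither says this nor limits who can run it. Suggest adding a step before the `setcap` line that makes the binary owned by root and executable only by the dedicated account's group (for example `chown root:<group>` and `chmod 750`, with `<group>` as a placeholder), plus a sentence noting that the capability is stored on the file and must be set again whenever the binary is replaced. The `setcap` and `iptables` commands still need root once, which is worth stating up front since the page is about running without root. The first two paragraphs also need a wording pass ("not security secure", "defualt", "its seems"), and the file is missing a trailing newline.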