Relocating bridge egress IP without moving the bridge
Running a Matrix appservice (mautrix-style Go bridge) so its remote-network outbound traffic exits via a different IP than the homeserver host
First instinct was to run the bridge on the new-egress machine and stand up a reverse tunnel + a relay hop so the homeserver container could still reach the bridge over the docker-bridge gateway. This works in theory but adds two failure points (sshd GatewayPorts gating, docker-network-to-host-loopback asymmetry) and the appservice ping path tends to time out before you finish debugging. The clean answer is: leave the bridge where the homeserver already reaches it, and route only the bridge's outbound HTTP/WebSocket via ssh -D 1080 SOCKS5 from the desired-egress host — then set the bridge's network.proxy to socks5://localhost:1080. One config knob vs. an entire inbound-plumbing rewrite.
Before relocating an appservice across machines, ask which traffic actually needs the new egress — usually it's only the remote-network leg, and a SOCKS5 proxy on the bridge's outbound side avoids touching homeserver-to-bridge plumbing at all.