diff --git a/USERGUIDE.md b/USERGUIDE.md
index 16e9a3a..3572aee 100644
--- a/USERGUIDE.md
+++ b/USERGUIDE.md
@@ -49,6 +49,13 @@ The current network namespace name is provided to the PostUp and PreDown scripts in the environment variable `$VOPONO_NS`. It is temporarily set when running these scripts only.
+Similarly, the network namespace IP address is provided via `$VOPONO_NS_IP`,
+and is available to the PostUp and PreDown scripts, and the application to
+run itself. `$VOPONO_NS_IP` is useful if you'd like to configure a server
+running within the network namespace to listen on its local IP address only
+(see below, for more information on that).
+
+
 ### Host scripts Host scripts to run just after a network namespace is created and just before it is destroyed,
@@ -266,6 +273,10 @@ Note in the case of `transmission-daemon` the `-a *.*.*.*` argument is required to allow external connections to the daemon's web portal (your host machine will now count as external to the network namespace).
+Instead of listening on `*.*.*.*` you also can listen on `$VOPONO_NS_IP`,
+to listen on an IP address that is only reachable from the same machine,
+the network namespace runs on.
+
 When finished with vopono, you must manually kill the `transmission-daemon` since the PID changes (i.e. use `killall`).
@@ -273,6 +284,9 @@ By default, vopono runs a small TCP proxy to proxy the ports on your host machine to the ports on the network namespace - if you do not want this to run use the `--no-proxy` flag.
+In this case, you can read the IP of the network namespace from the
+terminal, or use `$VOPONO_NS_IP` to get it (e.g. to use it in a script).
+
 #### systemd service For the above you may want to run vopono as a systemd service. If your
diff --git a/src/exec.rs b/src/exec.rs
index a888c78..8363fcc 100644
--- a/src/exec.rs
+++ b/src/exec.rs
@@ -370,6 +370,13 @@ pub fn exec(command: ExecCommand) -> anyhow::Result<()> {
 }
 }
 
+ // Temporarily set env var referring to this network namespace IP
+ // for the PostUp script and the application:
+ std::env::set_var(
+ "VOPONO_NS_IP",
+ &ns.veth_pair_ips.as_ref().unwrap().namespace_ip.to_string(),
+ );
+
 // Run PostUp script (if any)
 // Temporarily set env var referring to this network namespace name
 if let Some(pucmd) = postup {
@@ -389,6 +396,8 @@ pub fn exec(command: ExecCommand) -> anyhow::Result<()> {
 let application = ApplicationWrapper::new(&ns, &command.application, user)?;
 
+ std::env::remove_var("VOPONO_NS_IP");
+
 // Launch TCP proxy server on other threads if forwarding ports
 // TODO: Fix when running as root
 let mut proxy = Vec::new();
diff --git a/src/netns.rs b/src/netns.rs
index 6d28cdf..14708a2 100644
--- a/src/netns.rs
+++ b/src/netns.rs
@@ -462,6 +462,15 @@ impl Drop for NetworkNamespace {
 // Run PreDown script (if any)
 if let Some(pdcmd) = self.predown.as_ref() {
 std::env::set_var("VOPONO_NS", &self.name);
+ std::env::set_var(
+ "VOPONO_NS_IP",
+ &self
+ .veth_pair_ips
+ .as_ref()
+ .unwrap()
+ .namespace_ip
+ .to_string(),
+ );
 if self.predown_user.is_some() {
 std::process::Command::new("sudo")
 .args(&["-Eu", self.predown_user.as_ref().unwrap(), pdcmd])
@@ -471,6 +480,7 @@ impl Drop for NetworkNamespace {
 std::process::Command::new(&pdcmd).spawn().ok();
 }
 std::env::remove_var("VOPONO_NS");
+ std::env::remove_var("VOPONO_NS_IP");
 }
 
 self.openvpn = None;
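Review bot: The new `ns.veth_pair_ips.as_ref().unwrap()` in the `set_var` call converts a missing veth pair into a panic, in a function that otherwise reports failures through its `anyhow::Result` return; whether the field can still be `None` at this point is not visible in the hunk, but it is an `Option` and the surrounding code already uses `?`. Prefer `let ns_ip = ns.veth_pair_ips.as_ref().map(|p| p.namespace_ip.to_string()).ok_or_else(|| anyhow::anyhow!("veth pair IPs not assigned"))?;` followed by `std::env::set_var("VOPONO_NS_IP", &ns_ip);`, so that failure takes the normal error path and the namespace is torn down by the existing drop logic. The same unwrap is added inside `Drop for NetworkNamespace` in src/netns.rs, where it matters more: a panic in a destructor that runs during an unwind aborts the process before the remaining cleanup in that drop (`self.openvpn = None` and whatever follows) executes, so there `if let Some(ips) = self.veth_pair_ips.as_ref() { std::env::set_var("VOPONO_NS_IP", ips.namespace_ip.to_string()); }` is the safer shape. Both call sites also extend the use of `std::env::set_var`/`remove_var`, which mutate process-wide state without synchronising readers on other threads; the proxy threads launched later in `exec` appear to still be alive when the drop runs, so it is worth confirming nothing on them reads the environment. The body of `exec` starts before and continues after this hunk.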
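Review bot: The new `std::env::remove_var("VOPONO_NS_IP")` carries no explanation of why this is the right point to clear the variable, unlike the matching `set_var` in the previous hunk, and it is skipped when `ApplicationWrapper::new` returns early through `?`. Since the removal sits between the application wrapper and the start of the proxy threads, a one-line comment such as `// VOPONO_NS_IP was only needed by the PostUp script and the application environment; clear it before the proxy threads start` would make the placement deliberate. Whether the application actually inherits the variable here depends on what `ApplicationWrapper::new` does, which is outside the hunk, so that comment should be checked against it. The body of `exec` starts before and continues after this hunk.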