I would really appreciate if there was a Setup guide in the documentation on how to correctly setup NAT, port forwarding or UPnP for gaming consoles like Xbox or PlayStation, etc. I've been struggling with this for a long time, and I can't get my Xbox NAT type to be open, it is also Moderate.
I know it is on me. But still I don't think I am the only struggling with this.
Thanks.
have you tried this:
Short Version:
Give your XB1 (or PS4, same process required) a static IP
Install/Enable UPNP
Set "User Specified Permissions" to "allow 88-65535 10.1.1.x/32 88-65535", where 10.1.1.x is the static ip of the XB1/PS4
Firewall>NAT>Outbound - Set to Hybrid/Manual rule generation
Create a rule with the following set: "Source Address - Single Host or network - 10.1.1.x" & "Static Port - Checked"
Do a hard-reboot of your XB1/PS4 (shutting it down and pulling the power for 2 mins will do"
You should now have a NAT Type of Moderate (XB1), or Type 2 (PS4).
found here: https://forum.opnsense.org/index.php?topic=8812.0 (https://forum.opnsense.org/index.php?topic=8812.0)
Yes I had something like that setup, and it resulted in "Moderate NAT".
I tried this guide https://niallbest.com/achieve-full-open-nat-with-port-forwarding-for-xbox-live-via-opnsense that I had bookmarked months ago again, and it seems to have worked after a few restarts and toggling QoS DSCP tagging on and off on the console. I now have NAT type: Open.
I did add additional ports in "Xbox Live TCP/UDP port Alias" to include:
Port 88 (UDP)
Port 3074 (UDP and TCP)
Port 53 (UDP and TCP)
Port 80 (TCP)
Port 500 (UDP)
Port 3544 (UDP)
Port 4500 (UDP)
https://support.xbox.com/en-US/help/hardware-network/connect-network/network-ports-used-xbox-live
I have NAT Type Open on my Xbox Series X and NAT Type 2 on my PS5 using OPNsense. Per this guide, these are the ideal NAT types for consoles behind a firewall.
https://portforward.com/nat-types/
I'll try to provide the settings I'm using. Hopefully it helps!
- I have a "Games" VLAN specifically for gaming devices. In it are my XSX, PS5, and two Nintendo Switches.
- Each device has a static IP address.
- I have an Outbound NAT rule for the Games Network. (see screen shots)
- Under Firewall Rules, I have one for the Games interface allowing access to the Games Address on the UPnP ports. (see screen shots)
- UPnP is turned on, but only for the Games Interface. Use my example in the screen shots.
Here are some screen shots of the important settings. Let me know if it seems like I've forgotten anything.
- https://i.imgur.com/h0ADad0.png
- https://i.imgur.com/WEsSoUr.png
- https://i.imgur.com/CsUbvHE.png
- https://i.imgur.com/kd2iX9M.png
- https://i.imgur.com/1YNQrXH.png
With these settings, everything works perfectly. Hope it helps!
For anyone else following all these steps and still getting Type3 - set your PS to bypass Unbound DNS on Opnsense that is turned on by default. I set my PS5 to 1.1.1.1 and no restart immediately popped up with Type2 following these guys suggestions.
Quote from: EchoMikeMike on February 19, 2026, 07:30:56 AMI set my PS5 to 1.1.1.1 and no restart immediately popped up with Type2 following these guys suggestions.
That makes no sense...
The only thing I can think of is some kind of
"Online Connectivity Check Domain" being blocked via Unbound and not via 1.1.1.1 so the PS5 can do the checks it needs to do and shows Type 2 NAT ?!