NAT (Network Address Translation) technology allows us to go to the Internet from our home through the same public IP address, in this way, the computers on the LAN will have a private IP address and can all connect to the Internet simultaneously, without the need to open ports manually in the outbound direction, because the router is in charge of managing all the connections, indicating in the NAT table the internal IP address of the device, the source port used and the destination port. When we are behind NAT, we may have problems with the consoles, especially if we are going to host games ourselves and we have to allow them to connect from the outside.
NAT types on PlayStation and Xbox
When we have a console like PlayStation or Xbox, if we look at the network status section we can see the type of NAT that we currently have on the console. Depending on the type of NAT we have, it will tell us if we are accessible through the Internet or if we have to open the ports on the router (Port forwarding) to avoid problems. Having the correct NAT is essential in the field of gaming, otherwise, we may not be able to connect to the servers to play online, or that the user experience is not as good as it should be. In the two consoles par excellence, PlayStation and Xbox, we have a total of three types of NAT, these NAT refer to how the console is connecting to the Internet.
NAT1, NAT type 1, or open NAT
In this type of NAT, the console connects directly to the Internet, that is, the console itself will have a public IP address, so all ports will be open since we will not have NAT of any kind on our router. The consoles allow basic network connection methods such as DHCP and PPPoE, but they are not capable of using VLANs to connect to fiber optic operators in Spain, so if you are going to connect your console directly to the Internet, you must remove this VLAN tag using a manageable switch, or that your operator's router allows you to put it in bridge mode by removing this tag from the VLAN, both methods are possible.
In general, it is very strange to have a NAT1 type NAT in our console, because that means that we will be connecting the console directly to the Internet connection, either to the ONT if it is fiber or to the cable modem. If you make this configuration, you will not be able to connect any other device to the Internet connection, and every time you want to play and obtain NAT1 you will have to remove the router and perform the configuration unless you have a connection specifically dedicated for the games that then you always have it configured and ready to go.
Logically, in this type of NAT1 it is not necessary to open ports, because by not having any type of NAT due to having a direct connection to the Internet and having the public IP of the connection, there are no ports to open.
NAT2, NAT type 2, or moderate NAT
In this type of NAT, the console connects to the Internet through a router, that is, we will have a private IP address of the local network, and the router will be the one who makes the connection to the Internet and we will be behind the NAT. If we have NAT2 it means that we have the ports open on the router redirected to our console, so we will not have problems regarding connectivity or hosting games. This type of NAT2 is the most common for any user, because we have a router that is responsible for establishing the Internet connection and allows us to connect all the devices in our home at the same time.
 
 
In this type of NAT, the console connects to the Internet through a router, that is, we will have a private IP address of the local network, and the router will be the one who makes the connection to the Internet and we will be behind the NAT. If we have NAT2 it means that we have the ports open on the router redirected to our console, so we will not have problems regarding connectivity or hosting games. This type of NAT2 is the most common for any user, because we have a router that is responsible for establishing the Internet connection and allows us to connect all the devices in our home at the same time.
NAT3, NAT type 3, or strict NAT
In this type of NAT, the console connects to the Internet through a router as in the previous case, that is, we will have a private IP address of the local network, and the router will be the one who makes the connection to the Internet and we will be behind of the NAT. If we have NAT3 it means that we do not have the ports open on the router, so we will have many connectivity problems, we will not be able to play online or we will do so with limitations in some games.
This type of NAT is the one that you should always avoid, it is the most common when we are behind a router and we do not have the ports open correctly. In the event that your operator has you in CG-NAT, this type of NAT3 is what you will have even if you open ports on your home router, because your home router will not have the public IP address that can be routed over the Internet, but rather the it will have the operator's own router. In this type of case, if you have CGNAT it is best to call the operator to take you out and provide you with a public IP, otherwise, you will not be able to play many games, chat with people in groups and you will have disconnections in random games, it is say, you will have a lot of problems.
How to open ports for the console
In the case that you have NAT1 you will not need to open ports, because the console will connect directly to the Internet and will have the public IP. In the case that you have NAT2, it is advisable to open the ports that you are going to use in the different online games, or to perform different actions such as group chat etc. If you have NAT3, you should open ports on the router to automatically switch to NAT2 and not have problems with online games.
The place where the ports are "opened" is in the router and towards the console, before opening ports, it is highly recommended to do one of these two actions:
- 
Configure fixed IP in the console: this configuration must be done directly in the console, it consists of putting a fixed IP address in the "Network" menu, indicating an IP address of the router's subnet, using the typical subnet mask that is 255.255.255.0 and the default gateway which is the router's IP, usually 192.168.1.1. You will also have to indicate the DNS servers, it is highly recommended to use Google (8.8.8.8, 8.8.4.4) or Cloudflare (1.1.1.1 and 1.0.0.1).
- 
Configure Static DHCP on the router: this configuration is done on the router, it consists of going to the "DHCP Server" section of the router. The DHCP server is the one that will be in charge of providing us with all the private IP addressing. In this section we will see a "Static DHCP" menu or something similar, it consists of putting the MAC address of our console (MAC of the Ethernet or WiFi card) together with the private IP address that we want. In this way, the router will always provide the console with the same private IP.
Once we have carried out this action of setting a fixed IP or configuring the router's "Static DHCP", we are going to see how to open the ports.
Open ports, port forwarding or port forwarding
If we do not want to have problems with our games, the ideal is to open ports to our console, and only open the ports we need to play correctly. For security reasons, it is never recommended to open more ports than will be used. All routers have a menu to open ports, this menu can be called in different ways:
- 
Forwarding of ports
- 
Port forwarding
- 
Virtual Server or Virtual Server
- 
Port forwarding
Depending on the router you have, you will have one menu or another. What you should keep in mind is that you will have to fill in all this information to open the ports:
- 
Protocol: you must choose between TCP and UDP, generally all games use TCP.
- 
Internal IP address: it is the IP address of the console, generally it is 192.168.1.X, the one you entered in the previous step.
- 
External IP address: blank, we do not have to fill this in.
- 
External IP port: it is the port that you must open to the console
- 
Internal IP port: it must be the same as the previous one, there are routers that allow opening different internal and external ports. In the case of consoles, the external and internal must be the same.
 
 
Once we have filled in everything, we will apply changes and we will have an open port. In the event that you need to open several ports simultaneously, then you will have to perform this same action several times, one rule for each port.
There are gaming-oriented routers like some ASUS models, which allow us to open ports easily and quickly through “Open NAT” technology. This is basically a large database with the ports used by the different games for PlayStation, Xbox or PC, and it will open them to the IP address that we want. Instead of investigating the TCP or UDP ports of the different games, we will have to choose the game to use only.
 
 
We can add new game profiles in case there are any that are not in the games list, however, the most popular games are here.
 
 
All we have to do is select one or more games, choose the platform (console or PC) and put the internal IP address or choose the hostname of the console, and click on apply. In this way, we will not have to deal with the different protocols, a number of ports, etc.
 
 
In case you want to do a more manual configuration, either you go to the main menu to open ports, or we are still here but they will ask us for exactly the same data that we have seen previously.
 
 
This is the best way to open ports to the console, the negative part is that we will have to go port by port opening them in NAT.
DMZ
The DMZ is a good option to open the ports to a console, although it is not recommended to perform this action if your gaming platform is a PC, for security reasons. The DMZ consists of opening all the ports except those that we have specifically open in NAT, in this way, if we have several ports open to a NAS server, and we open the DMZ to the console, it will open all ports except those that are configured for the NAS.
 
 
If you use a console such as PlayStation or Xbox, opening the DMZ is an option so as not to complicate our lives by opening the ports, we simply have to put the IP address of our console in the router menu, and we will automatically have all the ports open. In the event that you use a PC and open the DMZ to this PC, it is recommended that the PC has a firewall to block all unsolicited traffic, however, for security reasons, we recommend not opening the DMZ to a PC, unless that you know what you are doing.
UPnP
The last method to open ports in NAT is the UPnP protocol. This protocol will be responsible for opening ports automatically and dynamically, depending on the requests made by different devices on the local network. If your gaming device supports UPnP, and the router has it enabled, all ports will open automatically and you won't have to worry about manually opening ports or opening the DMZ.
In our opinion, we always recommend disabling UPnP directly on the router for security reasons. It is possible that in your network you have some equipment that is opening ports by UPnP without you knowing it, or that it does it when you do not want to. There are routers that allow you to activate UPnP on-demand on certain devices and not globally, such as FRITZ! Box routers. These routers allow us to enable "autonomous port forwarding", which basically is to activate UPnP to the computers we want.
As you have seen, we have different types of NAT in the consoles, and different ways to open these ports and not have any type of problem when connecting to our online games. We hope that the explanations will help you, if you have any questions you can give us a comment and we will help you solve any NAT problem.