DMZ on Mikrotik - PS4

Dear All,

How can I set up a DMZ status for the static IP my Playstation 4 is using currently through my Mikrotik RB951G-2HnD router?

I am using Winbox on version 6.7 currently, soon upgrading to 6.9.

Thanks for the help in advance!

/ip fi n a ch=dstnat pr=tcp dst-p=1-65535 ac=dst-nat to-a=xxx.xxx.xxx.xxx to-p=1-65535

where xxx.xxx.xxx.xxx is PS4 IP

Many thanks for your quick response!

I so far have only created rules using Winbox. Based on what you sent I assume this is what I need to set:

chain: dstnat
protocol: tcp
dest.port: 1-65535
action: dst-nat
to address: (IP address of the PS4)
to port: 1-65535

Couple of questions please:

  1. I have a NAS running using one specific XYZ port number which is already being forwarded to the NAS’s IP (and that rule has "In. Interface: eth1-wlan" set).

If I set the above rule, that will direct all incoming traffic (including the port assigned to my NAS) to the PS4, correct?

  2. Should I choose the eth1-wlan interface as the incoming interface as well for the PS4 rule?

Yes, from these questions you can probably tell that I am not an expert on the topic. :) Got the router all set up from a colleague who I have not been able to reach and I wanted to learn these things myself anyways.

Thanks!

Order in the NAT list is important. If the NAS dstnat is above the PS4 rule, and that NAS dstnat only NATs that one port to your NAS, you should be ok. Just bear in mind that port will go to your NAS, not the PS4.

Hi,

That is great to know, thanks. I have forwarded all ports to the PS4 and it is still showing NAT Type 2 - which means that it’s working OK online but firewall is “moderate” and that leads to certain issues when playing online.

I have read somewhere that if you have multiple NATs set up at home (router behind router) that might be causing this issue. Now, I only have one router but my friend set up 2 NAT maskings within the network: one masked to broadcast a regular wifi signal, while the other for a wifi signal that is behind a VPN service. The PS4 is on the non-VPN wifi.

As you can tell I am not that good at this and what I am trying to ask is: could this NAT masking (for non-VPN and VPN related traffic) be causing the issue?

One more question please:

I have tried disabling the DMZ-like forwarding of all ports to the PS4 and am trying to work with the UPNP feature. It is enabled on my PS4 and I have enabled it in the RB951G-2HnD router as well, and disabled the “Allow To Disable External Interface” option.

Is this enough or do I have to add an interface to let the UPNP service begin to work? If I have to add one, then which interface shall I add?

eth1-wan
eth2-lan-master
eth3-lan-slave
eth4-lan-slave
eth5-lan-slave
wifi1
wifi2

Again, the PS4 is connected via wifi (Wifi1), so I assume that I need to add “Wifi1” as an Interface under the UPNP settings?

I would appreciate it if someone could clarify this for me.

Post “/ip firewall nat” and “/ip firewall filter”.

OK, I have to say that this was the first time I logged in using telnet and I hope this is what you were asking for:

NAT:

0 ;;; Du-Masq
chain=srcnat action=masquerade out-interface=eth1-wan

1 ;;; Witopia-masq
chain=srcnat action=masquerade out-interface=WitopiaVPN

2 ;;; DiskStation port fw
chain=dstnat action=dst-nat to-addresses=192.168.1.110 to-ports=5000
protocol=tcp in-interface=eth1-wan dst-port=5000


Filter:

0 ;;; default configuration
chain=input action=accept protocol=icmp

1 ;;; default configuration
chain=input action=accept connection-state=established

2 ;;; default configuration
chain=input action=accept connection-state=related

3 X ;;; default configuration
chain=input action=drop in-interface=eth1-wan


Du-Masq is used for let’s say Wifi1 (non-VPN) and Witopia-masq for Wifi2 (VPN). All this was set up by a friend who is no longer available to help - just saying not to give the wrong idea that I knew how to set all this up :)

Where is your dstnat to your PS4?

I have those rules currently disabled as I was trying to work with the UPNP option. Though here they are, .111 is the PS4:


3 X ;;; PS4 port fw TCP 1
chain=dstnat action=dst-nat to-addresses=192.168.1.111 to-ports=1-65535
protocol=tcp in-interface=eth1-wan dst-port=1-65535

6 X ;;; PS4 port fw UDP 1
chain=dstnat action=dst-nat to-addresses=192.168.1.111 to-ports=1-65535
protocol=udp in-interface=eth1-wan dst-port=1-65535
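The ordering point made earlier in the thread, checked against the rules just posted, as an added example that is not part of any post here: a small Python evaluator that walks a `/ip firewall nat print`-style listing top to bottom and reports which dst-nat rule an inbound port hits first. The sample listing is constructed from the rules in this thread, the helper names (`parse_rules`, `first_match`, `wide_open`, `force_enabled`) are hypothetical, and it assumes every rule carries a `;;;` comment header.

```python
import re

# Constructed sample modelled on the rules posted in this thread
# (192.168.1.110 = NAS, 192.168.1.111 = PS4); "X" marks a disabled rule.
NAT_PRINT = """\
0 ;;; Du-Masq
chain=srcnat action=masquerade out-interface=eth1-wan
2 ;;; DiskStation port fw
chain=dstnat action=dst-nat to-addresses=192.168.1.110 to-ports=5000
protocol=tcp in-interface=eth1-wan dst-port=5000
3 X ;;; PS4 port fw TCP 1
chain=dstnat action=dst-nat to-addresses=192.168.1.111 to-ports=1-65535
protocol=tcp in-interface=eth1-wan dst-port=1-65535
"""

def parse_rules(text):
    """Turn the printed listing into a list of dicts, preserving list order."""
    rules = []
    for line in text.splitlines():
        head = re.match(r"\s*(\d+)\s+(X\s+)?;;;\s*(.*)", line)
        if head:
            rules.append({"id": int(head.group(1)), "disabled": bool(head.group(2)),
                          "comment": head.group(3).strip()})
        elif rules:  # continuation line: key=value pairs of the current rule
            rules[-1].update(kv.split("=", 1) for kv in line.split() if "=" in kv)
    return rules

def span(spec):
    lo, _, hi = spec.partition("-")
    return int(lo), int(hi or lo)

def first_match(rules, proto, port, in_if="eth1-wan", force_enabled=()):
    """First enabled dstnat rule matching an inbound packet, or None (no forward)."""
    for r in rules:
        if r.get("chain") != "dstnat" or (r["disabled"] and r["id"] not in force_enabled):
            continue
        lo, hi = span(r.get("dst-port", "1-65535"))
        if (r.get("protocol", proto) == proto and lo <= port <= hi
                and r.get("in-interface", in_if) == in_if):
            return r
    return None

def wide_open(rules, threshold=1024):
    """IDs of dstnat rules that forward more than `threshold` ports to one host."""
    return [r["id"] for r in rules if r.get("chain") == "dstnat" and "dst-port" in r
            and span(r["dst-port"])[1] - span(r["dst-port"])[0] + 1 > threshold]
```

With rule 3 enabled, TCP port 5000 still lands on the NAS because that rule is listed first, while every other TCP port lands on the PS4; `wide_open` flags that rule as the exposure to review.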

Read this and follow the instructions/example.
http://wiki.mikrotik.com/wiki/Manual:IP/UPnP

Thanks, that is exactly what I did and that is why I was asking whether I have to add an Interface or whether that is optional. Then I decided to add the du-wifi interface of mine under UPNP (which is my primary non-VPN wifi related to the Du-Masq). The PS4 is on this wifi. Did I do that right?

enabled: yes
allow-disable-external-interface: no
show-dummy-rule: yes

Flags: X - disabled

INTERFACE TYPE FORCED-EXTERNAL-IP

0 du-wifi internal

Did you see the example at the bottom of that page? You must add an internal and external interface, then enable both.

I did see it but I didn’t understand it. What should I set as internal and external interfaces?

The “internal” interface is your localnet interface (LAN).
The “external” interface is the internet interface (WAN).

I have set du-wifi (primary wifi to which the PS4 is connected) as internal and eth1-wan as external and they are enabled.

Is there a way for me to track and see if the PS4 is actually able to use the UPNP function of the router?

SurferTim / Anyone,

Could you please confirm that this is all that needs to be done to enable UPNP on the router’s side and if there is a way to see which devices are using UPNP?

Thanks!

It’s been ages that I’m searching to forward some ports OR put my PS3/PS4 IP addresses into the DMZ mode. PLEASE someone HELP me with it, I’m stuck at NAT Type 2!