Btw, I'm not sure if I understand how exactly everything is connected at the customer's side.
Hi Sob. Thanks for the answer.
You're right, maybe some sniffing will reveal differences.
At the customer side things are as plain as possible, nothing special: at the ADSL provider a Motorola box with WiFi included, PPPoE etc. The difference is that the ADSL provider leases public DNS as ... DNS for each device on LAN.
At my side, a TP-Link BGN and a NATed CPE from UBNT, and DNS is at a private LAN address range. So manual config at PS4 solved the problem (after the "trusted dns" list at dst-nat trap).
Bottom line: all surfing services work fine (VoIP included).
Only PS4 seems a bit tricky (MTU 1472 and comfortable with public DNS IP addresses). I'll ask the customer to wire this TP-Link at one of his ADSL LAN ports and try using TP-Link's DHCP to provide IP to PS4.
Even configuring CPE as transparent bridge and connecting PS4 directly (no home routers, nothing) solves the problem. PS4 received address from MT DHCP directly but if I do not use a public DNS IP address ... no game.
BTW, UPnP is enabled at public / local interfaces (external / internal etc) and I saw its use from such customer at the Winbox NAT pane for some time (temporary redirecting ports).
I'll sniff the "boot up" process to see what's up.