How to Fix Strict NAT Type on WiFi: Port Forwarding, UPnP Settings, and DMZ Configuration for Gaming Consoles and PC
Strict NAT type blocks voice chat, stops you from hosting lobbies, and limits who you can even join in multiplayer. Here’s how to fix it with UPnP, manual port forwarding, or DMZ — and what to do when the problem is at your ISP, not your router.
Your NAT type determines how freely your gaming console or PC can communicate with other players over the internet. Strict NAT is the most restrictive state: you can only connect to players with Open NAT, you can’t host game lobbies, and voice chat often fails entirely. The good news is that strict NAT is almost always a router configuration problem, not a hardware failure — and it can be fixed in under ten minutes using one of three methods.
The Three NAT Types Explained
Your router uses Network Address Translation (NAT) to share a single public IP address among every device on your home network. For gaming, this has three practical outcomes:
- Open NAT: No restrictions. You can join any game, host lobbies, and connect to players with any NAT type. This is the target state.
- Moderate NAT: Your router’s firewall is blocking some inbound traffic. You can connect to Open and Moderate players, but not Strict ones, and you won’t be selected as lobby host. Latency is usually fine; connectivity is limited.
- Strict NAT: Significant inbound blocking. You can only connect to Open NAT players. Voice chat, party invites, and matchmaking are all impaired. This is the state this guide fixes.
PlayStation Uses Different Names
PlayStation consoles label these differently: Type 1 (Open), Type 2 (Moderate), and Type 3 (Strict). Type 3 is the equivalent of Strict NAT on Xbox and PC. Nintendo Switch uses Open, Moderate, and Strict. The underlying network problem — and the fixes — are identical regardless of platform.
Why You Have Strict NAT
A router running factory-default settings typically produces Moderate NAT because its firewall blocks unsolicited inbound connections. Strict NAT usually means one of three things: UPnP is disabled on your router (the most common cause), you have double NAT (two routers between your device and the internet), or your ISP is using Carrier-Grade NAT (CGNAT), which puts your entire house behind a shared IP address you don’t control.
Before changing any settings, check whether you actually have double NAT: log into your router’s admin panel and note its WAN IP address. Then visit a “what is my IP” site from your console or PC. If those two addresses match, you have a standard single-router setup. If they’re different, you have double NAT and need to put one device into bridge mode first.
Fix 1: Enable UPnP (Start Here)
Universal Plug and Play (UPnP) lets your console or game client automatically negotiate the port openings it needs — no manual configuration required. For the majority of gamers, enabling UPnP alone changes Strict NAT to Open NAT within minutes.
- Open a browser and navigate to your router’s admin panel. The address is usually
192.168.1.1or192.168.0.1; check the label on your router if unsure. - Log in with your admin credentials (the default is often printed on the router; change it if you haven’t).
- Find the UPnP setting. On TP-Link routers it’s under Advanced > NAT Forwarding > UPnP. On ASUS routers, look under WAN > Basic Config. On Netgear, it’s under Advanced > Advanced Setup > UPnP.
- Enable UPnP and save the settings.
- Restart your router, then restart your console or PC. Check your NAT type in the network settings.
If UPnP is already enabled and you still have Strict NAT, move to manual port forwarding. Some game engines and older consoles don’t implement UPnP requests correctly.
Fix 2: Manual Port Forwarding
Port forwarding tells your router to send incoming traffic on specific ports directly to your gaming device, bypassing the firewall check. This requires your console or PC to have a static local IP address (or a DHCP reservation) so the forwarding rule stays accurate.
First, assign your device a static IP: in your router’s DHCP settings, find your device’s MAC address and create a reservation so it always receives the same local IP (for example, 192.168.1.100).
Xbox Series X|S and Xbox One
Microsoft recommends forwarding these ports to your Xbox’s IP address:
- TCP: 53, 80, 3074
- UDP: 53, 88, 500, 3074, 3544, 4500
PlayStation 5 and PS4
Sony’s recommended ports for PS5 and PS4:
- TCP: 80, 443, 1935, 3478, 3479, 3480
- UDP: 3074, 3478, 3479
After creating the rules, restart the router and run a network connection test on your console to verify the NAT type has changed.
Fix 3: DMZ (Full Exposure for One Device)
DMZ (Demilitarized Zone) bypasses your router’s firewall entirely for a single device, sending all inbound traffic directly to it. This guarantees Open NAT but removes firewall protection for that device. It’s appropriate for a dedicated gaming console (which has its own OS-level security) and is not recommended for a Windows PC unless you have a separate software firewall active.
To configure DMZ: in your router’s admin panel, find the DMZ setting (usually under Advanced or Firewall), enter your console’s static local IP address, and enable it. Only one device can be in the DMZ at a time. Restart the router afterward.
Fix 4: Double NAT and CGNAT
If you have two routers in your home, the inner router can’t receive true inbound traffic because the outer router doesn’t forward it. The fix is to put the outer device (typically your ISP’s modem-router combo gateway) into bridge mode, so only your inner router handles NAT. Log into the ISP gateway and look for a “bridge mode,” “IP passthrough,” or “DMZ to router” setting.
If your router’s WAN IP is in the 100.64.0.0/10 range (e.g., 100.x.x.x), your ISP is using Carrier-Grade NAT (CGNAT) and you share a public IP with many other customers. No amount of port forwarding on your router will fix this — you need to contact your ISP and request a dedicated public IPv4 address, which some providers offer free and others charge a small monthly fee for. Alternatively, some gamers use a VPN service with port forwarding support to bypass CGNAT entirely. See our full guide on CGNAT and how to get a public IP address for more detail.
Quick Checklist
- Check for double NAT: compare your router’s WAN IP to your public IP
- Enable UPnP in your router admin panel and restart both router and console
- If UPnP doesn’t resolve it, assign your console a static IP and manually forward the required ports
- Use DMZ as a last resort for consoles (not unprotected PCs)
- If your router WAN IP starts with 100.x, contact your ISP about CGNAT
Run a speed test after making these changes to confirm your connection is healthy. For related guides, see how to test and interpret your WiFi ping and how to fix high ping on WiFi for a full latency optimization walkthrough.
Related Articles
How to Fix Strict NAT Type on PS5, Xbox Series X, and PC: Port Forwarding, UPnP, and DMZ Explained
Strict NAT kills matchmaking and causes lag. Here’s how to get Open NAT on PS5, Xbox Series X, and PC using UPnP, port forwarding, and DMZ — with the exact ports you need.
How to Fix Double NAT: What It Is and Why It Slows Gaming
Double NAT happens when two routers both perform address translation on your network, causing Strict NAT types, broken UPnP, and gaming lobby failures. Here’s how to detect it and fix it with three proven methods.
How to Set Up QoS on Your Home Router: Prioritize Gaming, Video Calls, and Streaming
QoS (Quality of Service) is the single most underused feature on home routers. When your household’s internet connection is shared by gamers, remote workers, and streamers, QoS is what keeps your Zoom call crisp while someone else downloads a 50 GB game update. Here’s how to set it up correctly on ASUS, TP-Link, and Netgear routers.