[Tutorial] How to add a device to DMZ on OpenWrt

I was recently looking into how to add a game console device to a DMZ (demilitarized zone) on OpenWrt 23.05.2.

The main reasons were that I didn't want to enable UPnP and also I didn't know which ports specifically needed to be forwarded for a specific game (Helldivers 2).

Here is the easiest way I could find to add a device to DMZ via Luci:

  1. Log in to your OpenWrt Router

  2. Go to Network > Firewall > Port Forwards

  3. Click on Add

  4. Name it Game Console DMZ (or however you want)

  5. Choose Protocol Any

  6. Choose Source zone wan

  7. Choose Destination zone lan

  8. Choose the Internal IP address of your game console (you might want to assign it a static IP in Network > DHCP and DNS > Static Leases)

  9. Click on Save

  10. (Optional) Move it to the bottom of the list if you have/need to have other Port Forwardings to other devices, as this forwards all the ports

  11. Click on Save and Apply

Here is a screenshot of how the settings should look:

Once you have the DMZ rule set up, you can easily enable and disable the whole rule as needed, for better security.

You could technically have multiple DMZ rules set up for different devices, and only enable 1 at a time when needed.

Please note that many game consoles seem to have a built-in firewall where all unused ports are set to Stealth, so it's relatively safe to add them to DMZ.

However, be careful not to add other devices to DMZ if you're not sure they have good security, as all their ports would be exposed to the Internet.

Thanks for the solution goes to this post: https://serverfault.com/a/665155/996226

If you have any suggestions on how it can be improved or questions regarding this procedure, please feel free to comment below.


I'm curious about the need for this... With my XBox, default OpenWrt settings/rules don't impede connectivity for any multiplayer games that I've played. Maybe PS5 is different? Or specific games are different? I guess I just always assumed that any multiplayer games on a console would use some kind of standardized network access for the platform, but maybe that was misguided.

Thank you for the question. You're right, most games usually have their own servers that can facilitate the connections even when the user is behind NAT.

The issue only sometimes occurs with specific games that connect peers directly in Multiplayer matches and depend on the host user to keep the connection running (like the example game above). Some in-game voice features also might depend on it.

Most of the time, they could count on UPnP to handle the Port Forwarding in these specific cases, only I wanted to avoid having UPnP running on OpenWrt as it can open ports to any device, instead of just the game console.

Just wanted to add that the PS5 seems to use these additional ports:

  • UDP 8571
  • UDP 9308

I've installed UPnP on OpenWrt to check it and those ports were the only ones automatically forwarded when booting up the PS5 (and playing Helldivers 2 if that makes a difference).

They were port forwarded to the same internal ports.

This is in case someone wants to forward only those ports instead of adding the console in DMZ.
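Added example, not part of any post in this thread: a small Python audit that reads a firewall config in `/etc/config/firewall` (UCI) syntax and lists enabled WAN port forwards that have no external port set, which is what the DMZ rule from the tutorial looks like on disk next to a forward limited to one of the UDP ports mentioned above. The sample config, the address 192.168.1.50 and the function names are constructed for illustration; UDP 9308 would need a second section of the same shape.

```python
import shlex

# Constructed sample in UCI syntax: the catch-all "DMZ" forward next to a
# forward limited to UDP 8571. 192.168.1.50 is a made-up console address,
# and the rule names are illustrative.
SAMPLE = """
config redirect
	option name 'Game Console DMZ'
	option target 'DNAT'
	option src 'wan'
	option dest 'lan'
	option proto 'all'
	option dest_ip '192.168.1.50'

config redirect
	option name 'PS5 UDP 8571'
	option target 'DNAT'
	option src 'wan'
	option dest 'lan'
	option proto 'udp'
	option src_dport '8571'
	option dest_ip '192.168.1.50'
	option dest_port '8571'
"""

def parse_redirects(text):
    """Return one dict of option lists per 'config redirect' section."""
    sections, current = [], None
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)
        if tokens[:1] == ["config"]:
            current = {} if tokens[1:2] == ["redirect"] else None
            if current is not None:
                sections.append(current)
        elif len(tokens) >= 3 and tokens[0] in ("option", "list") and current is not None:
            current.setdefault(tokens[1], []).append(tokens[2])
    return sections

def catch_all_forwards(text):
    """Names of enabled WAN DNAT redirects with no external port restriction."""
    hits = []
    for s in parse_redirects(text):
        enabled = s.get("enabled", ["1"])[-1] != "0"   # rules default to enabled
        from_wan = s.get("src") == ["wan"]
        dnat = s.get("target", ["DNAT"])[-1] == "DNAT"  # DNAT is the default target
        if enabled and from_wan and dnat and "src_dport" not in s:
            hits.append(s.get("name", ["(unnamed)"])[-1])
    return hits

print(catch_all_forwards(SAMPLE))
```

Run it against a copy of the router's own config to confirm that a DMZ rule you meant to switch off is really disabled.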

Greetings, it doesn't allow me to save if I don't put or declare a port in "external port"


Make sure to select protocol Any instead of TCP and UDP, and usually you won't need to enter an external port