I was recently looking into how to add a game console device to a DMZ (demilitarized zone) on OpenWrt 23.05.2.
The main reasons were that I didn't want to enable UPnP and also I didn't know which ports specifically needed to be forwarded for a specific game (Helldivers 2).
Here is the easiest way I could find to add a device to the DMZ via LuCI:
1. Log in to your OpenWrt router
2. Go to Network > Firewall > Port Forwards
3. Click on Add
4. Name it Game Console DMZ (or however you want)
5. Choose Protocol Any
6. Choose Source zone wan
7. Choose Destination zone lan
8. Choose the Internal IP address of your game console (you might want to assign it a static IP in Network > DHCP and DNS > Static Leases)
9. Click on Save
10. (Optional) Move it to the bottom of the list if you have/need to have other Port Forwardings to other devices, as this forwards all the ports
11. Click on Save and Apply
Here is a screenshot of how the settings should look:
Once you have the DMZ rule set up, you can easily enable and disable the whole rule as needed, for better security.
You could technically have multiple DMZ rules set up for different devices, and only enable 1 at a time when needed.
Please note that many game consoles seem to have a built-in firewall where all unused ports are set to Stealth, so it's relatively safe to add them to the DMZ.
However, be careful not to add other devices to the DMZ if you're not sure they have good security, as all their ports would be exposed to the Internet.
I'm curious about the need for this... With my XBox, default OpenWrt settings/rules don't impede connectivity for any multiplayer games that I've played. Maybe PS5 is different? Or specific games are different? I guess I just always assumed that any multiplayer games on a console would use some kind of standardized network access for the platform, but maybe that was misguided.
Thank you for the question. You're right, most games usually have their own servers that can facilitate the connections even when the user is behind NAT.
The issue only sometimes occurs with specific games that connect peers directly in Multiplayer matches and depend on the host user to keep the connection running (like the example game above). Some in-game voice features also might depend on it.
Most of the time, they could count on UPnP to handle the Port Forwarding in these specific cases, only I wanted to avoid having UPnP running on OpenWrt as it can open ports to any device, instead of just for the game console.
Just wanted to add that the PS5 seems to use these additional ports:
UDP 8571
UDP 9308
I've installed UPnP on OpenWrt to check it and those ports were the only ones automatically forwarded when booting up the PS5 (and playing Helldivers 2 if that makes a difference).
They were port forwarded to the same internal ports.
This is in case someone wants to forward only those ports instead of adding the console to the DMZ.
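
A way to check from the router's shell whether an all-ports forward like the "Game Console DMZ" rule is currently enabled, next to a single-port forward like the UDP 8571 one. This is an added example, not part of any post in the thread: the sample rules and 192.168.1.x addresses are constructed, and the function name `list_dmz_forwards` is hypothetical.

```shell
# Constructed `uci show firewall` excerpt: the addresses and the rule names
# other than "Game Console DMZ" are made up for this example.
sample_config() {
cat <<'EOF'
firewall.@redirect[0]=redirect
firewall.@redirect[0].name='PS5 UDP 8571'
firewall.@redirect[0].src='wan'
firewall.@redirect[0].proto='udp'
firewall.@redirect[0].src_dport='8571'
firewall.@redirect[0].dest_ip='192.168.1.50'
firewall.@redirect[0].dest_port='8571'
firewall.@redirect[1]=redirect
firewall.@redirect[1].name='Game Console DMZ'
firewall.@redirect[1].src='wan'
firewall.@redirect[1].dest='lan'
firewall.@redirect[1].proto='all'
firewall.@redirect[1].dest_ip='192.168.1.50'
firewall.@redirect[2]=redirect
firewall.@redirect[2].name='Old DMZ'
firewall.@redirect[2].src='wan'
firewall.@redirect[2].dest_ip='192.168.1.60'
firewall.@redirect[2].enabled='0'
EOF
}

# Reads `uci show firewall` text on stdin and prints "name -> dest_ip" for each
# enabled DNAT redirect from wan that has no src_dport, i.e. forwards every port.
# Assumption: a disabled rule carries enabled='0'; a missing option means enabled.
list_dmz_forwards() {
    awk -v q="'" '
    function report() {
        if (sec != "" && o["src"] == "wan" && o["enabled"] != "0" &&
            o["src_dport"] == "" && (o["target"] == "" || o["target"] == "DNAT"))
            print (o["name"] == "" ? "(unnamed)" : o["name"]) " -> " o["dest_ip"]
    }
    { eq = index($0, "="); if (eq == 0) next
      key = substr($0, 1, eq - 1); val = substr($0, eq + 1) }
    substr(val, 1, 1) != q {        # unquoted value: a section header line
        report(); sec = (val == "redirect") ? key : ""; split("", o); next
    }
    sec != "" && index(key, sec ".") == 1 {   # option of the current redirect
        gsub(q, "", val); o[substr(key, length(sec) + 2)] = val
    }
    END { report() }'
}

sample_config | list_dmz_forwards   # on the router: uci show firewall | list_dmz_forwards
```

Any line it prints is a device whose ports are all reachable from wan; an empty result means only specific ports are forwarded or the DMZ rules are disabled.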