How to — NAT Type 2 / moderate in pfSense

When starting an online game with the default pfSense NAT configuration you will notice that the games are showing warnings or even errors, that your NAT type is 3 / strict. The problem is caused by the NAT source port randomization of pfSense.

Solution

You have create a new outbound NAT rule for the device (PS4, PC, …), which will use a static Port. First go to Firewall -> NAT -> Outbound

1. The outbound NAT Mode should be “Manual” or “Hybrid”
2. Click the “Add” button to create a new NAT rule
3. You can edit the protocol based on the game or leave it the default value, some games only use UDP.
4. As source network you have to input the IP of the device and set the subnet mask to /32 to apply this rule only to the single device.
5. Select “Static Port” under “Translation”
6. Done, your NAT Type should now be “2 moderate” instead of “3 strict”.

This screenshot shows an example configuration