Post #9, 1st October 2016, by bsdsource

Code:
match out on egress inet from !$XBOX to any nat-to ($WAN:0) port 1024:65535
match out on egress from {$PS4 $XBOX} to any nat-to (egress) static-port

The above code works for both Xbox One and PS4. Both consoles connect fine and I'm able to play over the internet. Most people say that if you are behind a router your Xbox One NAT will be moderate. Well, I figured out a rule solution with which I can obtain an OPEN NAT on my Xbox One with the rules I have set in place. On the PS4 I can obtain a NAT Type 2. Having the correct rules in place, I should be able to do better than NAT Type 2, or maybe not. I haven't had a chance to work on port forwarding with my PS4 just yet. I'm still trying to sort out the match situation. I don't use UPnP or DMZ. Specifically port forwarding only.

Yes, the above match code seems to work fine, but I really don't see it as the best solution. I think there has to be a better match rule solution. The match logic doesn't seem right, and I would suspect the PS4 would end up with port randomization. The first match rule is setting all other IP addresses on the network with non-static ports, except the Xbox. This rule would be sticky at this point, and anything afterwards would not override the first match. The second match rule, setting the Xbox and PS4 with static ports, works with the Xbox. I'm not so sure about the PS4, since the first match applied to everything else, including the PS4, but excluded the Xbox.

junkym, what do your match rules or rule look like? Are you using a single match rule making all ports static for the entire network? Would you mind providing your pf.conf setup? Thanks.

My goal:
Apply static-ports only to the Xbox and PS4. All other IP ports on the network should default to having port randomization.

Last edited by bsdsource; 1st October 2016 at 06:54 PM.
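One way to write the goal stated in the post as two mutually exclusive match rules, as an added example that is not part of the original post or the poster's pf.conf. The table name `<consoles>` and both addresses are assumptions made for the illustration.

```pf
# Added example, not the poster's configuration.
# Constructed placeholder addresses: replace with the consoles' LAN addresses.
XBOX = "192.168.1.50"
PS4  = "192.168.1.51"

# A table lets both consoles be excluded with a single negation.
table <consoles> const { $XBOX, $PS4 }

# Every source except the consoles: ordinary nat-to, so the source port
# is rewritten by pf.
match out on egress inet from !<consoles> to any nat-to (egress:0)

# Consoles only: translate the address but keep the original source port.
match out on egress inet from <consoles> to any nat-to (egress:0) static-port

# The two rules cannot both apply to one packet. A console never matches the
# first rule, and a packet translated by the first rule carries the egress
# address as its source, which is not in <consoles>.
# These rules only set the translation; the ruleset's existing block/pass
# rules still decide whether the packet is allowed out.
```

Parse it with `pfctl -nf /etc/pf.conf` before loading, and list the loaded translation rules with `pfctl -sr` to confirm that only the console rule carries `static-port`.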