Before we begin, know that this subnet is NOT SECURE and should only be used for things that absolutely require Open NAT and UPnP, like game consoles, old PC games, or other insecure devices. I would strongly advise setting up an Intrusion Detection System or Intrusion Prevention System like Suricata. This setup will allow any device on the subnet to open a port on the firewall and accept any connection inbound. I initially set this up because I was having issues with Command and Conquer games on C&C Online, Anno 2070, and Xbox Live. Make sure to isolate this network to only itself; it is a security problem if you allow a device on this network to reach your internal networks (I go over this below).
I'll leave the interface choice to you. My interface is named DMZ. I have mine set up as a VLAN, but a physical interface is better, more secure, and easier to manage.
Firewall -> Rules -> Aliases -> IP
Network or FQDN: 10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
Firewall -> Rules -> DMZ -> Add
Address Family: IPv4+IPv6
Source: DMZ net
Destination: Check invert match
Single host or Alias
Description: Don't allow DMZ to connect to internal IP addresses.
Services -> UPnP & NAT-PMP
UPnP Port Mapping: Check
NAT-PMP Port Mapping: Check
External Interface: DMZ
ACL Entries: allow 1024-65535 192.168.69.1/24 1024-65535
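To make the two policy pieces above concrete (the invert-match rule against the RFC1918 alias, and the UPnP ACL entry), here is an added Python model of how each decision is made. It is example code, not part of the original guide or of pfSense; the client addresses, ports and the closing deny-all ACL line are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# The RFC1918 alias from the guide. The DMZ rule uses it with "invert match",
# so traffic to these ranges is blocked and everything else passes.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def dmz_egress_allowed(dst: str) -> bool:
    """Return True if a DMZ-originated flow to dst passes the isolation rule.
    Caveat: the alias holds only IPv4 networks, so an IPv6 destination never
    matches the alias and is not blocked by this rule, even with the address
    family set to IPv4+IPv6."""
    addr = ipaddress.ip_address(dst)
    return not any(addr in net for net in RFC1918)

@dataclass
class AclEntry:
    action: str                     # "allow" or "deny"
    ext_ports: range                # external port range the client may request
    network: ipaddress.IPv4Network  # internal clients the entry applies to
    int_ports: range                # internal port range the mapping may target

def _ports(spec: str) -> range:
    lo, _, hi = spec.partition("-")
    return range(int(lo), int(hi or lo) + 1)

def parse_acl(lines):
    """Parse ACL lines in the format used in the ACL Entries box:
    '<allow|deny> <ext port(s)> <ip or ip/cidr> <int port(s)>'."""
    entries = []
    for line in lines:
        action, ext, net, internal = line.split()
        entries.append(AclEntry(action, _ports(ext),
                                ipaddress.ip_network(net, strict=False),
                                _ports(internal)))
    return entries

def upnp_mapping_allowed(acl, client_ip, ext_port, int_port, default=True):
    """First matching entry decides. A request matching no entry falls through
    to `default`: miniupnpd accepts such requests unless the list ends with a
    deny-all line, which is why the constructed sample below includes one."""
    addr = ipaddress.ip_address(client_ip)
    for e in acl:
        if addr in e.network and ext_port in e.ext_ports and int_port in e.int_ports:
            return e.action == "allow"
    return default

# Constructed sample: the guide's ACL entry plus a closing deny-all line.
GUIDE_ACL = parse_acl(["allow 1024-65535 192.168.69.1/24 1024-65535",
                       "deny 0-65535 0.0.0.0/0 0-65535"])
```

Running `dmz_egress_allowed("192.168.1.10")` returns False while `dmz_egress_allowed("8.8.8.8")` returns True, and `upnp_mapping_allowed(GUIDE_ACL, "192.168.69.50", 80, 80)` returns False because port 80 is below the 1024 floor in the allow entry.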
System -> Advanced -> Firewall and NAT
Scroll down to Network Address Translation
NAT Reflection mode for port forwards: Pure NAT
Enable NAT Reflection for 1:1 NAT: Checked
Enable automatic outbound NAT for Reflection: Checked
Firewall -> NAT -> Outbound
Set the mode to Hybrid, then add a mapping:
Source: Network | 192.168.69.0/24
Address: Interface Address
Port or range: Check Static Port.
Finally, reset the state table. This will apply our NAT rules.
Diagnostics -> States -> Reset States
State Table: Check
Then press Reset. This should take a minute or so and will cause a brief network disruption.
You should be good to go now. If you have any issues, please post them down below. If it's still not working, manually add a port forward; that should fix it.