Few things are more frustrating than joining a game lobby, starting a video call, or trying to host a session only to be stopped by a “NAT Type: Restricted” message. NAT issues can make online services feel random: sometimes you connect instantly, and other times voice chat fails, matchmaking crawls, or friends cannot join your game. The good news is that restricted NAT problems are usually fixable with a few router, console, or PC network adjustments.
TLDR: A restricted NAT type usually means your router or network is blocking some incoming connections. The quickest fixes are to restart your router, enable UPnP, assign a static local IP, or forward the required ports for your device or game. If you are behind double NAT or carrier grade NAT, you may need to change modem/router settings or contact your ISP. Always make changes carefully, because opening ports can affect network security.
What NAT Type Restricted Actually Means
NAT stands for Network Address Translation. It is the system your router uses to let multiple devices in your home share one public internet address. Most of the time, NAT works silently in the background. However, online games, peer to peer apps, voice chat, and remote connections often need a more direct route between devices.
When your NAT type is listed as restricted, moderate, or strict, it generally means your device can connect outward, but other devices may have trouble connecting back to it. This can cause symptoms such as:
- Long matchmaking times
- Failed party or voice chat connections
- Inability to host multiplayer games
- Frequent disconnects from online sessions
- Friends being unable to join your lobby

Step 1: Restart Your Network Equipment
It sounds basic, but a full restart often clears temporary routing problems. Turn off your gaming console, PC, or streaming device. Then unplug your router and modem from power for at least 30 to 60 seconds. Plug the modem back in first, wait until it is fully online, then reconnect the router.
After everything restarts, run a network test on your console or computer. If the NAT status improves, the issue may have been caused by a temporary routing table error or stale connection. If it remains restricted, move on to the next steps.
Step 2: Enable UPnP on Your Router
UPnP, or Universal Plug and Play, allows devices on your network to automatically request the ports they need. For many households, this is the easiest fix for restricted NAT because it avoids manually entering port numbers.
To enable UPnP:
- Open a browser and enter your router’s IP address, often 192.168.0.1 or 192.168.1.1.
- Log in with your router username and password.
- Look for sections such as Advanced, NAT Forwarding, WAN, or Network Settings.
- Find UPnP and switch it on.
- Save changes and restart the router.
UPnP is convenient, especially for consoles, but it can be less secure if untrusted devices are on your network. Use a strong Wi Fi password and avoid allowing unknown devices to connect.
Step 3: Assign a Static Local IP Address
If your device’s local IP address changes, any NAT settings you create may stop working. Assigning a static IP inside your home network keeps your console or PC at the same address every time it connects.
You can usually do this in one of two ways. The preferred method is through your router using a feature called DHCP reservation or address reservation. Find your device in the connected devices list, then reserve its current IP. This avoids conflicts and keeps setup simple.
For example, your console might always receive an address like 192.168.1.50. Once that address stays fixed, you can safely apply port forwarding rules to it.
Step 4: Forward the Correct Ports
Port forwarding tells your router that specific types of incoming traffic should be sent directly to one device. This is one of the most reliable ways to fix restricted NAT, especially when UPnP does not work.
The exact ports depend on the platform or game. For example, Xbox, PlayStation, Nintendo Switch, Steam, and individual games may each require different TCP or UDP ports. Check the official support page for your service before entering anything.
The general process looks like this:
- Give your device a static local IP address.
- Log in to your router admin panel.
- Find Port Forwarding, Virtual Server, or NAT Rules.
- Enter the required port numbers and protocol, such as TCP, UDP, or both.
- Point those rules to your device’s static IP address.
- Save the changes and restart the device and router.
Avoid forwarding random ports from unofficial guides. Opening unnecessary ports can expose your network to unwanted traffic. Keep your rules limited to the specific device and service you need.
Step 5: Check for Double NAT
Double NAT happens when two devices on your network are both acting as routers. This is common when an ISP modem router is connected to a separate personal router. Your device may be hidden behind two layers of NAT, making inbound connections harder.
Signs of double NAT include a restricted NAT type even after enabling UPnP or port forwarding, or a router WAN address that starts with private ranges such as 192.168.x.x, 10.x.x.x, or 172.16.x.x to 172.31.x.x.
To fix double NAT, you can:
- Put the ISP gateway into bridge mode.
- Use only one router and disable routing features on the other device.
- Connect your console or PC directly to the main router.
- Ask your ISP for help if bridge mode is locked.
Step 6: Consider Carrier Grade NAT
If you have tried everything and NAT is still restricted, your ISP may be using Carrier Grade NAT, often called CGNAT. This means you do not have your own unique public IPv4 address. Instead, multiple customers share one public address, which can prevent port forwarding from working at all.
You can check this by comparing your router’s WAN IP address with the public IP shown on a “what is my IP” website. If they are different, and your router’s WAN IP falls within private or shared ranges, CGNAT may be involved.
The solution is usually to contact your ISP and ask for one of the following:
- A public IPv4 address
- A static IP address
- Removal from CGNAT, if available
- IPv6 support, if the service or game supports it properly
Step 7: Use DMZ Only as a Last Resort
Some routers offer a DMZ option, which forwards most incoming traffic to one device. This can quickly change NAT from restricted to open, but it also increases exposure. If you use DMZ, apply it only to a console when necessary, not to a general purpose PC with sensitive files.
Before using DMZ, try UPnP, port forwarding, and double NAT fixes first. If you do enable it, keep your device updated and remove the DMZ setting when you no longer need it.
Final Checks and Best Practices
After making changes, always restart your router and the affected device. Then run the built in network test on your console, game launcher, or application. If the NAT type improves, test voice chat, matchmaking, and hosting to confirm the real world problem is solved.
For the best long term results, keep your router firmware updated, use a wired Ethernet connection when possible, and avoid stacking multiple routers unless you understand the setup. NAT problems may seem technical, but they usually come down to one simple goal: giving your device a clear, safe path to communicate with the outside world.
With the right combination of UPnP, static IP assignment, port forwarding, and ISP support when needed, a restricted NAT type can often be turned into an open and reliable connection.
