OPNsense Forum

English Forums => General Discussion => Topic started by: robertkwild on February 26, 2019, 12:01:32 am

Title: nintendo switch what port to NAT
Post by: robertkwild on February 26, 2019, 12:01:32 am
hi all,

looking at the nintendo website about what port to NAT for my switch, it's not exactly helpful at all as it's basically all of them?!?!?!

i was just wondering if any of you have a switch and have done this before?

https://en-americas-support.nintendo.com/app/answers/detail/a_id/22272/~/how-to-set-up-a-routers-port-forwarding-for-a-nintendo-switch-console

cheers,

rob
Title: Re: nintendo switch what port to NAT
Post by: newsense on February 26, 2019, 05:10:27 am
Your better option is to have at least one dedicated VLAN for IoT devices. Having it on your LAN is a security risk.

The information in the link basically tells you in the clear that it's rather poor security to make it work
Quote
Important:

    While Nintendo provides this information for our consumers' use, it is up to each consumer to determine what security needs they have for their own networks, and to decide how best to configure their network settings to meet those needs.
   
Title: Re: nintendo switch what port to NAT
Post by: robertkwild on February 26, 2019, 12:58:43 pm
do you mean have a new VLAN i.e. DMZ and on the DMZ network enable upnp?

i have no idea what ports the nintendo switch needs, i did monitor via (interfaces > diagnostics > packet capture) and created a rule for the ports specified but it didn't work

i'm not going to allow the full range on my LAN as you're right, massive security hole
Title: Re: nintendo switch what port to NAT
Post by: robertkwild on February 26, 2019, 04:38:24 pm
think i need to do this -

https://digiex.net/threads/pfsense-step-by-step-guide-to-multiple-xbox-ones-open-nat-play-together-2-3-x.15094/
Title: Re: nintendo switch what port to NAT
Post by: chemlud on February 26, 2019, 04:56:30 pm
"Within the port range, enter the starting port and the ending port to forward. For the Nintendo Switch console, this is port 1 through 65535."

AB-SO-LUTE-LY cool! Must have on my network 8-o)


____


As a starter:

https://www.reddit.com/r/NintendoSwitch/comments/6qjhjy/i_have_figured_out_the_actual_range_of_ports_to/


https://forum.netgate.com/topic/112631/nintendo-switch-needs-static-port-on-its-outbound-nat
Title: Re: nintendo switch what port to NAT
Post by: franco on February 27, 2019, 12:11:59 am
All in. Or perhaps "all out".  8)


Cheers,
Franco
Title: Re: nintendo switch what port to NAT
Post by: robertkwild on February 27, 2019, 06:04:18 pm
i didn't have to do a port-forward/NAT at all

all i have done is as follows -

add a new network called DMZ on my opnsense firewall

put my wireless access point on the DMZ

connect my switch to my wap

reserve the switch's IP on the DHCP server so it's static

create a manual outbound NAT for my switch's IP but make sure you check "static port"

after that i got a NAT score of B and not D anymore so i can now play online

if i didn't create an outbound NAT rule and just put it on the DMZ i still got a NAT score of D
Title: Re: nintendo switch what port to NAT
Post by: newsense on February 28, 2019, 07:10:08 am
Congrats, that's a better approach for sure.

If at all possible though use a VLAN assigned to the IoT WLAN which has the Nintendo, and at least another VLAN/WLAN pair which has more sensitive devices, like phones etc.

Last but not least, at the very minimum have a Deny ANY Source IoT Net - Dest LAN/other VLANs set of rules. Basically make sure the Nintendo only goes out to the internet and nothing more.
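
Added example, not part of the thread and not OPNsense's generated ruleset: the manual outbound NAT with "static port" from robertkwild's steps and the IoT-to-LAN deny from newsense's last reply, written as the pf rules they correspond to. Interface names and the console's address are constructed placeholders; on OPNsense these settings are made in the GUI rather than by editing pf.conf.

```pf
# Constructed placeholders (assumptions, not values from the thread)
wan_if    = "em0"            # WAN
lan_if    = "em1"            # LAN with the more sensitive devices
iot_if    = "em2"            # DMZ / IoT network behind the access point
switch_ip = "192.168.30.50"  # DHCP reservation for the console

# --- Translation rules: the first matching nat rule wins ---
# Console only: keep the original source port on outbound connections.
nat on $wan_if inet from $switch_ip to any -> ($wan_if) static-port
# Everything else on the IoT network: default NAT with port rewriting.
nat on $wan_if inet from $iot_if:network to any -> ($wan_if)

# --- Filter rules on the IoT interface ---
# Deny IoT -> LAN first; repeat for each additional internal VLAN.
block in quick on $iot_if inet from $iot_if:network to $lan_if:network
# Then allow the IoT network out to the internet.
pass in quick on $iot_if inet from $iot_if:network to any keep state

# No rdr (port forward) rule is present: nothing inbound is opened.
```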