OPNsense Forum
English Forums => Tutorials and FAQs => Topic started by: StoneFire on May 05, 2022, 05:11:19 pm
-
Hello guys, I come to you in search of wisdom as a broken and desperate man.
So my wife and I finally surrendered to Nintendo's shitty online fee in order to enjoy our newest addition to the collection. However, I was very soon met with regret in the realization that there isn't much online play to be had with a NAT type of D in Nintendo's scale from A to F where A is desirable and F can't connect to anyone.
So I started scouring the internet in an attempt to solve the problem at hand and after a day of trying to portforwarding my fiber modem's router feature I stumbled upon an article mentioning the use of OPNsense and I saw a glimpse of hope. I had previously seen an LTT video on making your own router and decided to look through what hardware I had around to see if I could build my own and to my surprise I had just the hardware to do it.
So I managed to get the hardware set up and installed OPNsense a day later. Today I've successfully integrated my ghetto router into my network setup and it's working like it was before. So I tried to follow the "guide" to the best of my knowledge while still being new to DYI routing, I've set a static lease for my Nintendo Switch, done some custom outbound NAT rules, and enabled uPnP but to my own despair nothing has improved and I'm still getting NAT type D when testing the connection on my Switch, so I'm at a loss and begging on my knees for some kind guidance in trying to solve this.
This is the "guide (https://www.bitblock.com/blog/security/69-fixing-nat-for-a-nintendo-switch-using-upnp-w-custom-configuration)" I tried to follow:
Have I done things correctly I cannot tell you, but I don't think I've done point 3 correctly so let's try from the top and work our way through it?
Kind Regards.
-
I have a happy kid here since I followed those steps from the TheForumTroll:
There are good reasons to not want to use UPnP IMO but what option is the best I wont comment further on. I will however add how it is possible to get the same result (NAT type 2) without installing UPnP via Hybrid outbound NAT.
Change IP to static on Xbox/Playstation
Firewall -> NAT -> Outbound: Set Mode to Hybrid outbound NAT rule generation
Add a new rule just below (See attached screenshot for options)
Make sure the Xbox/Playstation is allowed to communicate on the interface it is connected to (likely LAN).
That's it.
you can find it here with the attached screenshot at the end of the topic: https://forum.opnsense.org/index.php?topic=8812.0 (https://forum.opnsense.org/index.php?topic=8812.0)
Hope it fixes your problems also
-
I have a happy kid here since I followed those steps from the TheForumTroll:
There are good reasons to not want to use UPnP IMO but what option is the best I wont comment further on. I will however add how it is possible to get the same result (NAT type 2) without installing UPnP via Hybrid outbound NAT.
Change IP to static on Xbox/Playstation
Firewall -> NAT -> Outbound: Set Mode to Hybrid outbound NAT rule generation
Add a new rule just below (See attached screenshot for options)
Make sure the Xbox/Playstation is allowed to communicate on the interface it is connected to (likely LAN).
That's it.
you can find it here with the attached screenshot at the end of the topic: https://forum.opnsense.org/index.php?topic=8812.0 (https://forum.opnsense.org/index.php?topic=8812.0)
Hope it fixes your problems also
I appreciate your suggestion kind sir, but sadly I'm stuck at NAT type D still having tried his solution.
Perhaps there's something to this part that I haven't understood fully?
"Make sure the Xbox/Playstation is allowed to communicate on the interface it is connected to (likely LAN)."
Is there anything keeping the switch from doing that? It's connected wirelessly via a Nokia beacon operating in bridge mode, and it does have internet access so it is able to communicate on the interface right?
EDIT: Random thought: Do I need a static IP from my ISP in general for any of this to work?
-
Maybe asking some obvious questions, but:
- Has the fiber modem/router been set to bridge mode?
- Does WAN on OPNsense receive a public ip-address and nothing in the 10.x.x.x / 172.16.x.x / 192.168.x.x ranges?
- The Nokia beacon is connected to OPNsense?
And no, you don't need a static ip-address from your ISP
-
Maybe asking some obvious questions, but:
- Has the fiber modem/router been set to bridge mode?
- Does WAN on OPNsense receive a public ip-address and nothing in the 10.x.x.x / 172.16.x.x / 192.168.x.x ranges?
- The Nokia beacon is connected to OPNsense?
And no, you don't need a static ip-address from your ISP
Thank you for the response, let me address your questions in order:
- Yes, I've contacted my ISP and had them disable the router function of the modem as I explained I'm now using my own router.
- Given I've been able to get internet connection on all the devices on my lan I'd say I do, put for good measure how would I go about checking this to confirm it?
- Yes, the first one is connected to the router via a switch and all the devices connected to the wireless connection they provide show up in the OPNsense gui.
-
- Does WAN on OPNsense receive a public ip-address and nothing in the 10.x.x.x / 172.16.x.x / 192.168.x.x ranges?
Actually, I realize my WAN IP is showing up as 100.xxx.xx.xx, that's not a public IP is it?
-
It depends on the next number, from Wikipedia (https://en.wikipedia.org/wiki/Reserved_IP_addresses) :
100.64.0.0/10 100.64.0.0–100.127.255.255 Private network Shared address space for communications between a service provider and its subscribers when using a carrier-grade NAT.
And if that is the case, then you're out of luck as far as ipv4 connectivity is concerned. You should check with your ISP if this is the case also ask if they offer ipv6, because if all your devices are configured for it, then that might work.
As a last resort one could try a VPN service that allows port-forwarding (https://old.reddit.com/r/VPNTorrents/comments/s9f36q/list_of_vpns_that_allow_portforwarding_2022/)
-
I had similar issues and to get switch working I had to split the wifi bands, so the 5ghz was seperate from the 2.4ghz and setup on the 5ghz.
I created an alias for the switches and set it to the mac addresses, so when ip renewed they still worked.
I then created an outbound rule under NAT and set the source/destination ports to udp/* and the source to the switch alias
now get B rating for the switches and allows multiplayer over internet
-
This guide worked perfectly for me:
https://www.bitblock.com/blog/security/69-fixing-nat-for-a-nintendo-switch-using-upnp-w-custom-configuration (https://www.bitblock.com/blog/security/69-fixing-nat-for-a-nintendo-switch-using-upnp-w-custom-configuration)
buzz
-
I'm testing out OPNsense again and that link fixed my problem for my kids's Nintendo Switch, thanks buzz!