nintendo switch what port to NAT

Started by robertkwild, February 26, 2019, 12:01:32 AM

hi all,

looking at the Nintendo website about what port to NAT for my Switch, it's not exactly helpful at all as it's basically all of them?!?!?!

i was just wondering if any of you have a Switch and have done this before?

https://en-americas-support.nintendo.com/app/answers/detail/a_id/22272/~/how-to-set-up-a-routers-port-forwarding-for-a-nintendo-switch-console

cheers,

rob

Your better option is to have at least one dedicated VLAN for IoT devices. Having it on your LAN is a security risk.

The information in the link basically tells you in the clear that it's rather poor security to make it work

Quote:
    Important: While Nintendo provides this information for our consumers' use, it is up to each consumer to determine what security needs they have for their own networks, and to decide how best to configure their network settings to meet those needs.

February 26, 2019, 12:58:43 PM #2 Last Edit: February 26, 2019, 01:05:03 PM by robertkwild
do you mean have a new VLAN, i.e. DMZ, and on the DMZ network enable UPnP?

i have no idea what ports the Nintendo Switch needs, i did monitor via (interfaces > diagnostics > packet capture) and created a rule for the ports specified but it didn't work

i'm not going to allow the full range on my LAN as you're right, massive security hole


February 26, 2019, 04:56:30 PM #4 Last Edit: February 26, 2019, 05:02:21 PM by chemlud
"Within the port range, enter the starting port and the ending port to forward. For the Nintendo Switch console, this is port 1 through 65535."

AB-SO-LUTE-LY cool! Must have on my network 8-o)


____


As a starter:

https://www.reddit.com/r/NintendoSwitch/comments/6qjhjy/i_have_figured_out_the_actual_range_of_ports_to/


https://forum.netgate.com/topic/112631/nintendo-switch-needs-static-port-on-its-outbound-nat
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

felix eichhorn's premium cat food with the extra portion of energy

A router is not a switch - A router is not a switch - A router is not a switch - A rou....

All in. Or perhaps "all out".  8)


Cheers,
Franco

i didn't have to do a port-forward/NAT at all

all i have done is as follows -

add a new network called DMZ on my OPNsense firewall

put my wireless access point on the DMZ

connect my switch to my wap

reserve the switch's IP on the DHCP server so it's static

create a manual outbound NAT for my switch's IP but make sure you check "static port"

after that i got a NAT score of B and not D anymore so i can now play online

if i didn't create an outbound NAT rule and just put it on the DMZ i still got a NAT score of D

Congrats, that's a better approach for sure.

If at all possible though use a VLAN assigned to the IoT WLAN which has the Nintendo, and at least another VLAN/WLAN pair which has more sensitive devices, like phones etc.

Last but not least, at the very minimum have a Deny ANY Source IoT Net - Dest LAN/other VLANs set of rules. Basically make sure the Nintendo only goes out to the internet and nothing more.
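
The two measures the thread ends on (static-port outbound NAT for the console only, plus a deny from the IoT/DMZ net to the LAN), written as pf.conf rules. This is an added example, not configuration posted by anyone in the thread; OPNsense builds the equivalent rules from its GUI, and the interface names and addresses below are assumptions.

```conf
# --- Macros (all values constructed for illustration) ---
wan_if  = "igb0"            # assumed WAN interface
lan_if  = "igb1"            # assumed LAN interface (sensitive devices)
iot_if  = "igb2"            # assumed DMZ / IoT interface with the access point
console = "192.168.50.10"   # assumed DHCP-reserved address of the Switch

# --- Translation rules (first matching rule wins) ---
# static-port keeps the console's own source port on the way out.
# It turns off source-port rewriting, so it is scoped to this single
# reserved address rather than to the whole IoT network.
nat on $wan_if inet from $console to any -> ($wan_if) static-port

# Every other device on the IoT net gets ordinary outbound NAT
# with the source port rewritten by pf.
nat on $wan_if inet from $iot_if:network to any -> ($wan_if)

# --- Filter rules ---
# Deny ANY from the IoT net to the LAN. "quick" stops evaluation here,
# so the pass rule further down cannot re-allow this traffic.
# Add one such line per additional internal VLAN.
block in log quick on $iot_if inet from $iot_if:network to $lan_if:network

# Anything else from the IoT net (i.e. towards the internet) is allowed.
pass in on $iot_if inet from $iot_if:network to any keep state

# No rdr (port-forward) rule is defined: nothing inbound from the WAN
# is mapped to the console, in particular not the range 1-65535.
```

On a FreeBSD-based firewall, `pfctl -nf <file>` parses such a file without loading it, and `pfctl -sn` / `pfctl -sr` list the active translation and filter rules for comparison with what the GUI generated.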