It’s been a while since I’ve played any games online with my Nintendo switch, and I quickly remembered the issues with NAT types on the Switch.
When I checked, I had a NAT type of F, which will not allow online gaming. I found the guides on setting up the Hybrid NAT rules in Pfsense, but my type was still F. I then loosened up my outgoing port rules for that VLAN, and got a NAT type of B.
After tightening them back up a bit and looking online, it looks like the UDP range 1024 through 65535 is expected for outgoing UDP traffic. Is that right? That is a ton of ports, and possibly no better than just enabling uPnP.
Do I really need such a wide range to be able to maintain this NAT type B?
the biggest issue with N.switch is that it requires static outgoing ports.
i have not used pf in years (opnsense here so should be same) but what you need to do is set hybrid outgoing NAT, designate a static IP to the switch, and then tell outgoing NAT for that IP to use static ports, outgoing.
by default pf\opn randomises the outgoing NAT port and that messes up the Nswitch royally. (especially online like MK8deluxe)
most of what is being posted about uPNP and N.switch is not correct. As long as your firewall rules allow the switch to get out (lock ports if you want to, but its a console, so … why?)
Nintendo servers simply do not like you joining a game lobby on outgoing 34567, and then starting the game on 23456, and then turning a corner on lap 2 switching to outgoing port 18845.
Can confirm that also works on OPN
Static outbound is a feature I wish more firewalls had because it requires the targeted device to send outbound once before it accepts incoming (or at least that’s my understanding)