Advancedtomato, NAT and Nintendo Switch

Discussion in 'Tomato Firmware' started by LancedBoyle, Feb 23, 2019.

  1. LancedBoyle

    LancedBoyle New Member Member

    So I've been trying to get the NAT setting on the router for the Switch to change from C to A so we can play online. I have tried to set up the DMZ, as many of the online tutorials suggest, and I've also tried port forwarding, as the other online tutorials have suggested. I've set up a dedicated IP address for the Switch as all the tutorials have instructed. I get no love from the router.

    Does anyone know how to configure an advancedtomato firmware router so that my Nintendo Switch NAT setting will go from C to A?

    Thank you for your help. Lance
  2. rs232

    rs232 Network Guru Member

    What does C to A mean?
    Regardless, I assume you need a port mapping of sorts. Forget about DMZ; head straight to port forwarding, which is all you need.
    This can be achieved via upnp (if enabled on tomato and the end device supports it) and respects DHCP allocations within the LAN.
    Alternatively you can assign the end device a static IP (or statically assigned IP via DHCP) and map the port manually.

    If you still have issues post the screenshots please.
  3. ruggerof

    ruggerof Network Guru Member

    I guess you are double natting, i.e. your freshtomato router is connected to another router. You need to set up DMZ in the other router and port forwarding/mapping in the tomato router.
  4. LancedBoyle

    LancedBoyle New Member Member

    Thanks rs232

    I found this on Reddit. It explains the NAT types.

    Can anyone translate full-cone or restriced (sic)-cone to the advanced tomato settings?

    "NAT Types and connection problems explained
    I finished CCNA (Cisco Certified Network Associate), which essentially means I know a lot about networking.

    Anyways, I finally figured out what the different NAT Types on the switch stand for. Nintendo uses a STUN server so no port-forwarding is needed if your network is setup right. Check here for more information about STUN

    Simply put, Nintendo seems to use the definition of full-cone, restriced cone, port-limited cone and symmetric nat. Modern routers use a mix of all of these, and they shouldn't be used as measure anymore, but Nintendo doesn't care. (They don't have servers, not even via P2P lol).

    NAT Type A

    This is simply a full-cone nat, which means you get a 1:1 mapping on ports, and incoming connections aren't blocked. Not needed for hosting a game in Splatoon 2 (contrary to popular belief)

    NAT Type B

    Restriced cone nat, which means the connection has to be established from a user behind the nat. Basically connections cannot be established from an incoming source, hence your console has to connect to Nintendo's STUN server. If you have this, you can play Splatoon 2 just fine.

    NAT Type C

    This takes a restricted cone nat, and adds another restriction so that only the port the connection was established on can be used (The port cannot be changed later on). As I've discovered that Splatoon likes to use random ports for whatever reason, this simply can't work.

    NAT Type D

    If you have NAT Type D, you're probably behind a connection already natted by your ISP. (Check for 10.* or 192.* IP). As far as I'm concerned, NAT Type D can mean two things: A combination of port-limited cone NAT and symmetric NAT or simply failure to do anything.

    What's a symmetric NAT?

    A symmetric NAT is used to ensure multiple users can still use the same external service. Simply put, ports get randomized. Say, you're hosting a game on Port 40000. You use STUN so people can connect without a port forward. Now, a Symmetric NAT randomizes Ports. The STUN server knows your game is hosted on Port 40000. Another user tries to join your game via Port 40000 like the STUN server knows, but your Symmetric NAT has turned it into another Port. (Like 40001). Since the other user only knows about Port 40000, he cannot connect."
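The NAT behaviours described in the quoted post, as an added example that is not part of the thread or of the Reddit post: a toy NAT model that shows which inbound packets each type lets through and why a STUN-learned port is useless behind a symmetric NAT. The class and function names, the addresses (documentation ranges) and the A-D labelling order are assumptions taken from the quote's descriptions, not Nintendo's actual test.

```python
from itertools import count

# Constructed endpoints (documentation address ranges), not taken from the thread.
CONSOLE = ("192.168.1.50", 50000)
STUN = ("203.0.113.10", 3478)
STUN_ALT_PORT = ("203.0.113.10", 3479)   # same host, different source port
STUN_ALT_HOST = ("203.0.113.20", 3478)   # second server on another address
PEER = ("198.51.100.7", 50000)           # another player, never contacted first

class Nat:
    """Toy NAT. mapping: 'independent' or 'symmetric'.
    filtering: 'open' (full cone), 'address' (restricted), 'port' (port-restricted)."""
    def __init__(self, mapping, filtering="port"):
        self.mapping, self.filtering = mapping, filtering
        self._next_port = count(40000)
        self._maps = {}    # mapping key -> external port
        self._peers = {}   # external port -> remote endpoints contacted from it

    def outbound(self, src, dst):
        """Send src -> dst and return the external port the NAT used."""
        key = src if self.mapping == "independent" else (src, dst)
        if key not in self._maps:
            self._maps[key] = next(self._next_port)
        ext = self._maps[key]
        self._peers.setdefault(ext, set()).add(dst)
        return ext

    def inbound(self, ext_port, remote):
        """True if a packet from remote to ext_port is passed to the LAN host."""
        peers = self._peers.get(ext_port)
        if peers is None:
            return False                      # no mapping: dropped
        if self.mapping == "symmetric" or self.filtering == "port":
            return remote in peers            # exact ip:port must match
        if self.filtering == "address":
            return any(ip == remote[0] for ip, _ in peers)
        return True                           # full cone: anyone may send

def classify(nat):
    """Label a NAT A-D the way the quoted post describes the types."""
    ext = nat.outbound(CONSOLE, STUN)
    if nat.outbound(CONSOLE, STUN_ALT_HOST) != ext:
        return "D"                            # port changes per destination
    if nat.inbound(ext, PEER):
        return "A"
    return "B" if nat.inbound(ext, STUN_ALT_PORT) else "C"

def peer_can_join(nat):
    """Peer dials the port STUN reported, after the console sends to the peer."""
    advertised = nat.outbound(CONSOLE, STUN)
    nat.outbound(CONSOLE, PEER)               # symmetric NAT allocates a new port here
    return nat.inbound(advertised, PEER)
```

In this model type A is the only one that accepts packets from hosts the console never contacted, which is the same exposure a wide static port forward or DMZ entry creates for the forwarded ports.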
  5. LancedBoyle

    LancedBoyle New Member Member

    I don't have the router connected to another router only to the fiber optic modem. Here is the overview listing on my router. I can take other screenshots if that would help isolate the issue. Cheers and thanks for your help.

  6. rs232

    rs232 Network Guru Member

    I assume what @ruggerof meant is: make sure your tomato device has a public IP on the WAN interface, if not this is likely not to work.

    In regards to your post, I feel like you are looking too deep. For SOHO devices like tomato it's way simpler. Your LAN device runs an application, that application works on a specific port (UDP or TCP usually), all you need is to map that port on the router to pass over what is received on that port to your LAN device.

    After this concept is understood re-read my post above that's all you need.

    P.S. I can't see your images above, can you re-upload please? Also provide the IP of the Nintendo and the port it uses (if known)
  7. LancedBoyle

    LancedBoyle New Member Member

    Image is up now (had trouble posting it). I've removed the static IP from the Switch so I could get back to square one.
  8. rs232

    rs232 Network Guru Member

    ok and the port forwarding pages (both basic and uPnP)?
    Also what's your end device IP (even if DHCP) and application port?

    P.S. I don't see any port connected to tomato. Is the Nintendo connected via wifi?
  9. LancedBoyle

    LancedBoyle New Member Member

    Hi, sorry for being AWOL, things got busy, people got sick, my brain cells are deteriorating and memory is fading, but the kids are nagging again so hopefully we can pick up where we left off. I have reread rs232's post #2 above and believe I am still not understanding how it all works. Here are some screenshots of other settings I've got.




    Some other information from the Switch. It says its global IP address is (I put this as the port forwarding src address in the first image in this post, which I know is incorrect but I had reached the point where I tried anything to see what would stick). It also says its IP address is and the gateway is and primary and secondary DNS are and .218.

    I believe I have assigned a static IP address to the Switch by clicking on the static button in the last image and entering the IP address, but I'm not betting the house on it.

    Any insight would be greatly appreciated and a relief to my muddled brain. Please let me know if you need other data to clarify the current situation. Cheers

    P.S. One of my images does not seem to want to upload. It is a shot of the DMZ settings and shows that DMZ is enabled, the destination address is and destination interface is LAN(br0) and there is no source address restriction.
    Last edited: Apr 8, 2019
  10. rs232

    rs232 Network Guru Member

    I really know nothing about Nintendo Switch but what I can tell you is:

    - I have never used the source IP in port forwarding so can't comment if it actually works or not
    - On paper what you did is right just make sure the IPs are matching
    - are you sure the traffic is UDP only?
    - Do disable DMZ; I have never heard of anybody having any success with it. It should point to an IP regardless, not a subnet... and even if it was, that's not what you need I'd say

    Finally (and most importantly) enabling upnp for LAN is likely to make this work automatically without any static configuration needed.

    Give it a go.
  11. LancedBoyle

    LancedBoyle New Member Member

    rs232 thanks for the quick reply. I got rid of DMZ and have switched the traffic to both udp and tcp and removed the src ip address. Here's the new pix.
    I'm not sure what you mean by 'make sure the ips are matching'. Where?

    I also enabled upnp for LAN (see pix)
    A couple of things I wonder about. In the upnp/NAT window above my Plex media server is set up, I think automatically (I don't remember doing that), so should I see the Switch there too? And on the left there is a page called Triggered. Is that something I need to do something to?

    Again thanks.
  12. rs232

    rs232 Network Guru Member

    Yes, Plex uses upnp by default and you should be seeing the mapping in there. If you don't want Plex to map anything, add this under Miniupnpd Custom configuration:
    deny 0-65535 0-65535 (or whatever is your plex IP)
    Do not mix and match static mapping and upnp for the same application/host, so either, not both.

    I can't comment without seeing, but the fact that upnp was disabled and DMZ enabled makes me think that you went attempting "many" things. So you probably have a few unwanted leftovers in your config. I'm wondering if resetting the router would be the best option for you before progressing any further
    Last edited: Apr 8, 2019
  13. LancedBoyle

    LancedBoyle New Member Member

    Hi, so I did a complete reset and then enabled upnp and I believe set a static IP address for the Switch under DHCP (see pic).



    I noticed that there is a Static routing table setting under Routing (see pic)

    and wonder if I should be using that instead for my static ip address. According to what I've read online about setting the switch up the protocol should be udp. I'm not sure what you mean about not mixing static mapping and upnp. Are you saying either a static ip address for the switch or activating upnp but not doing both at the same time? One other thing that has me puzzled is Global Ip address on the connection test on the switch (this is a test run on the switch that provides info on the connection, ie, ssid download and upload speeds as well as NAT type and Global IP address) The Global IP address (it starts with 158.174.8.xx) is different from all the other ip addresses I see on the router or switch. The switch provides the test connection (which gives the above information) as well as connection status which provides the device info (ie, MAC address, security type, channel, ip address ( Is the global ip address from the connection test what is broadcasted to the outside world? Should I be assigning the static ip address to that?
  14. rs232

    rs232 Network Guru Member

    Ok, let me step back on this topic.

    I have just googled nintendo switch port forwarding and found this:

    My feeling is that this device does some "strange" network operation and perhaps doesn't even support upnp. If what I read here is correct, you probably don't need upnp (no harm leaving it on anyway) and you are expected to manually forward tens of thousands of ports to the device as you did a few posts above. Some other links suggest you forward port range 1-65535, which is what a DMZ does. Really weird what it takes to make this work. However, since you now have a clear tomato config, do as follows:

    - First of all, do check that the Nintendo has DHCP enabled and not a statically assigned IP. Also check that the IP given is .54
    - create a static port forwarding entry:- I would not specify the source IP (for the time being) just UDP port range 45000 till 65535 to

    I doubt you need anything else. See how it goes
  15. LancedBoyle

    LancedBoyle New Member Member

    I'll give it another go. You've been really helpful and I appreciate it. Cheers.