2020-04-28 15:55:30
Nintendo Switch NAT Type C Solution
Recently I purchased a Nintendo Switch and wanted to be able to play online with friends. After running the Internet test and seeing that the Switch determined my network was a NAT Type C, that wasn't possible. Only NAT Type A or NAT Type B can play online due to the awful way Nintendo designed their online services.
If your router supports it, the way to ensure you have zero problems is to fully put your Switch in a DMZ (full port forwarding), where it's 100% exposed to the public internet. That will ensure everyone can connect to your Switch (even hackers).
Nintendo's second recommendation is to forward _all_ UDP ports to your Switch, which is insane. As it turns out, this isn't even the actual solution. All that is necessary to get to NAT Type B is to ensure your Switch is hitting the internet using Static NAT (no port translation/remapping). By default, all routers do port translation (source port remapping) with NAT, and this breaks Nintendo's online service.
I have a Check Point 620 for my firewall/router and it doesn't have the ability to fully put anything into a DMZ nor does it have any options to disable source port remapping like some firewalls do. But I was able to find a solution that achieved Static NAT without forwarding 65535 UDP ports (because ports don't actually have to be forwarded to get to NAT Type B).
To do this on the 620, follow these steps:
- Access Policy > Servers > New
- Server Type > Other Server > UDP > 65535
  - This doesn't do anything for your Switch; you just need at least 1 forwarded port to make a Server
- Server Definitions > Give it a name and IP address on your network, then check the "Reserve..." box and enter your Switch's MAC address so the IP is reserved
- Access > All Zones
- NAT > Static NAT: [manually type your modem's public IP here] and check the box for "Hide..."
The downside to this approach is that each time your ISP renews your DHCP lease, your public IP changes and you'll have to modify the Server on the Check Point with the new address. The Server rule has no way of configuring the Static NAT to use "This Gateway" as the address like other rules do.
So that's it! Happy NAT Type B'ing!