This makes your games on game consoles run with fewer hiccups. A lower NAT type (say NAT C/D on Nintendo Switch, NAT Type 3, or even "failed") will prevent P2P connections with other players.
Typical scenarios include:
- Voice chatting on most games
- Visiting other players' islands on Animal Crossing
- Video meetings
- Remote play
- Xbox game streaming
- PlayStation Remote Play
- PC remote desktop or game streaming
A typical suggestion from game consoles would be enabling port forwarding on your router:
Within the port range, enter the starting port and the ending port to forward. For the Nintendo Switch console, this is port 1 through 65535.
— from Nintendo Customer Support
Yes, it indeed works, to some extent. However, this kind of static port mapping is EXCLUSIVE and will prevent any other devices in your network from using these ports properly. In other words, only one of your devices will be able to achieve a higher level of NAT.
Another similar solution called "DMZ" is effectively similar to forwarding all possible ports like above.
What if I want more than one console or device with a higher level of NAT type? Is this even possible?
Before we jump to the conclusion, let's recall what NAT means:
Network address translation (NAT) is a method of mapping an IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device. (Wikipedia)
In other words, a connection from your intranet device will be mapped and altered before released to the Internet. For the target server, the connection will be seemingly come from your router's Internet IP address instead of the actual intranet address your device possesses, with this change the server will be able to send the data back to your router, then eventually to your device.
This seems straightforward for one connection with one server, but for the cases when multiple servers exist, how do we maintain that mapping of connections? As the game consoles suggest, there will be multiple types of limits for NAT mapping.
Among all kinds of NAT types, the Full-cone NAT is the one with the least restrictions. Let me borrow the image from Wikipedia again:
Full-cone NAT, also known as one-to-one NAT Once an internal address (iAddr:iPort) is mapped to an external address (eAddr:ePort), any packets from iAddr:iPort are sent through eAddr:ePort. Any external host can send packets to iAddr:iPort by sending packets to eAddr:ePort.
In English, when a port on one device is mapped on an external port of your router, any other server can talk to the device through that port. This effectively exposes the device's port automatically, and from the servers' perspective, your router is openly creating connections by itself.
My home router is a x86 box running Linux. Thankfully, there is one guy implemented a full-cone NAT on top of iptables:
Let's just install that on my router:
git clone git://git.netfilter.org/iptables.git
For the module itself:
git clone https://github.com/Chion82/netfilter-full-cone-nat.git
cd netfilter-full-cone-nat make insmod xt_FULLCONENET.ko # lsmod to see if xt_FULLCONENAT exists lsmod |grep xt_FULLCONENAT # you should see something like # xt_FULLCONENAT 40960 0 # nf_nat 49152 3 xt_FULLCONENAT,iptable_nat,xt_MASQUERADE # nf_conntrack 163840 3 nf_nat,xt_FULLCONENAT,xt_MASQUERADE # x_tables 49152 4 iptable_filter,xt_FULLCONENAT,ip_tables,xt_MASQUERADE
cp ./netfilter-full-cone-nat/libipt_FULLCONENAT.c ./iptables/extensions cd ./iptables ./autogen.sh # check where your iptables resides which iptables ./configure --prefix '/usr/bin' # replace the prefix with the parent path above make make install
You may also want to make it loaded automatically, check Automatic module loading with systemd on Archlinux wiki for a possible approach.
iptables -t nat -A POSTROUTING -o eth0 -j FULLCONENAT iptables -t nat -A PREROUTING -i eth0 -j FULLCONENAT # remember to confirm everything works before doing iptables-save
- The scripts above are for illustration only, not the exact one I used, don't just copy it since I don't know what distro you're using. Also please refer to the official readme
- You might have missing dependencies while building, try installing the
base-develequivalents of your distro or the ones you're missing
iptablescomplains, check if you're using
- I hope you know what you're doing
Some routers may have full-cone NAT as a switch in the firmware, OpenWrt also supports it. Try finding it in the web UI or opkg packages.
If everything works, all your devices should have a open NAT type at the same time, just like mine, cheers 🎉