_only_? That’s, give or take, ⅓ of the full range. If everything in your network did something similar, you couldn’t have more than 3 devices in your network (and with 3, the stars would have to align for there to be no overlap between the ranges). If, for example, your TV needs 15000-35000, the largest contiguous range remaining would have about 15000 ports.
Try getting a ~10-year-old Uplay game to work and despair. Not sure what network engine they used at the time, but there is an entire set of games that basically can't connect properly without using random ports anywhere in the 10k/60k range; it's ridiculous.
And let's not ever talk about two people in the same home playing the same game together. I loved Splinter Cell Blacklist's multiplayer, but damn did it take long to get anything connected.
I'm not even sure why. I mean, this was with internet gaming already being the norm. I assume it's because they made games for console and then ported, and on console port issues are handled for them or whatever? Anyway, this was stupid.
"And let's not ever talk about two people in the same home playing the same game together."
This is my fiancé and I constantly struggling with Halo: MCC. At least once a night one of us fails to join a game, and I'm convinced it's some poor NAT punch-through solution that doesn't always work.
Most readers of HN will understand (or at least understand the goal of) the checklist for debugging network issues.
Skipping straight to port forwarding eliminates any issues on whether UPnP is actually working correctly. Growing up, some of my friends had routers that struggled to handle UPnP correctly. If I knew they were the only one needing port forwarding, I'd simply turn that on for them instead of trying to figure out if UPnP was actually working correctly.
Even a restricted NAT should allow for this without explicit port forwarding configuration?
Unless you're doing something like active FTP, where it's replying to a different port than the one the request originated from. Which would be an interesting choice for a console designed in, like, 2018.
It’s a firewall thing, not a NAT thing. You need a stateful firewall to do that kind of smart port forwarding. Which, to be fair, all consumer routers should have.
Stateless firewalls, however, need to have explicit rules for UDP traffic. So that’s what Nintendo are addressing here.
NAT functionality especially for UDP can be incredibly flaky in a lot of consumer hardware, mangling payloads, randomly dropping associations or having extremely short timeouts, and other plain buggy behaviour.
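The distinction drawn above (a stateful gateway that lets a UDP reply in because it saw the outbound datagram, versus a stateless one that needs an explicit rule, plus the short association timeouts some consumer boxes use) can be made concrete with a small model. The following is an added example written for this page, not code from the thread or from any router firmware; the address/port-restricted filtering rule, the 30 second idle timeout, the port allocation starting at 40000 and the RFC 1918/TEST-NET addresses are all assumptions chosen to illustrate the behaviour.

```python
from dataclasses import dataclass, field


@dataclass
class Association:
    """One UDP mapping in the gateway's state table."""
    internal: tuple                                 # (lan_ip, lan_port) of the console
    external_port: int                              # port allocated on the WAN address
    peers: set = field(default_factory=set)         # (ip, port) endpoints we have sent to
    last_seen: float = 0.0                          # time of the last outbound datagram


class StatefulUdpGateway:
    """Toy model of a consumer NAT/firewall's UDP handling (an assumption, not a
    specific product). Mapping is endpoint-independent (one external port per
    internal socket, which is what STUN-based hole punching relies on); filtering
    is address/port-restricted when `restricted` is True, full cone otherwise."""

    def __init__(self, timeout=30.0, restricted=True, first_port=40000):
        self.timeout = timeout          # idle seconds before the association is dropped
        self.restricted = restricted
        self.by_internal = {}
        self.by_external = {}
        self.next_port = first_port

    def _expire(self, now):
        # Only outbound traffic refreshes the timer here (the conservative variant),
        # so an application must keep sending to keep its hole open.
        for ext in list(self.by_external):
            a = self.by_external[ext]
            if now - a.last_seen > self.timeout:
                del self.by_external[ext]
                del self.by_internal[a.internal]

    def outbound(self, internal, peer, now):
        """LAN host sends a datagram: create or refresh state, return the WAN port."""
        self._expire(now)
        a = self.by_internal.get(internal)
        if a is None:
            a = Association(internal, self.next_port)
            self.next_port += 1
            self.by_internal[internal] = a
            self.by_external[a.external_port] = a
        a.peers.add(peer)
        a.last_seen = now
        return a.external_port

    def inbound(self, src, external_port, now):
        """WAN datagram arrives: return the LAN endpoint it is delivered to, or
        None if the firewall drops it."""
        self._expire(now)
        a = self.by_external.get(external_port)
        if a is None:
            return None                             # no state: dropped
        if self.restricted and src not in a.peers:
            return None                             # never talked to this peer: dropped
        return a.internal


class StatelessUdpFilter:
    """A stateless filter knows nothing about prior traffic; inbound UDP passes
    only if a static rule names the destination port (the 'explicit rule' case)."""

    def __init__(self, allowed_ports):
        self.allowed_ports = set(allowed_ports)

    def inbound(self, dst_port):
        return dst_port in self.allowed_ports


def hole_punch_demo():
    """Walk a console through STUN discovery, a hole punch, and an idle timeout.
    All endpoints are constructed sample values."""
    gw = StatefulUdpGateway(timeout=30.0, restricted=True)
    console = ("192.168.1.20", 5000)
    stun = ("198.51.100.1", 3478)
    peer = ("203.0.113.9", 6000)
    ext = gw.outbound(console, stun, now=0.0)           # talk to STUN, learn WAN port
    results = (
        gw.inbound(stun, ext, now=1.0) == console,      # STUN reply: allowed
        gw.inbound(peer, ext, now=2.0) is None,         # unsolicited peer: dropped
        gw.outbound(console, peer, now=3.0) == ext,     # send to peer: punches the hole
        gw.inbound(peer, ext, now=4.0) == console,      # peer now allowed in
        gw.inbound(peer, ext, now=60.0) is None,        # 57 s idle: association expired
    )
    return ext, results


if __name__ == "__main__":
    print(hole_punch_demo())   # (40000, (True, True, True, True, True))
```

The last step is the practical point: with a short idle timeout, a game (or malware) using a punched hole has to keep sending traffic to keep it open, whereas a UPnP port mapping persists with no further effort. The stateless filter needs the console's port listed up front, which is the "forward a range of UDP ports" instruction the thread is about.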
Although I will say that if you are forwarding all ports, at least it’s to a device you know about. Not some random IoT or PC software or whatever opening up ports without your knowledge.
UPnP is a security risk (as is forwarding all UDP ports to a single device). Nintendo should set up STUN servers so the Switch can do UDP hole punching.
Enabling UPnP on your router enables a malicious app to permanently forward ports from the outside to the inside. The malicious app could also forward ports to other devices on your network. For example, installing a bit of malware on your laptop could set up a port forwarding rule from the internet to your NAS's web interface.
UDP hole punching via STUN requires continuous work on the part of a malicious app to keep that port open. Work that could be noticed much more easily than a rogue UPnP-using bit of malware. And it can't open ports to other devices on your network.
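The STUN step that the hole-punching alternative rests on is small enough to show in full: the client sends a Binding Request from the UDP socket it will later use for game traffic, and the server replies with the public address and port the NAT assigned to it, XOR'ed with the magic cookie as RFC 5389 specifies. The code below is an added example for this page, not Nintendo's or any STUN library's code; the server reply is constructed inline (with a TEST-NET address) so the parsing runs offline, and `discover_mapping` is the same logic over a real socket for anyone who wants to point it at a STUN server of their choice.

```python
import os
import socket
import struct

# Constants from RFC 5389 (STUN). IPv4 only, which is enough for the example.
MAGIC_COOKIE = 0x2112A442
BINDING_REQUEST = 0x0001
BINDING_SUCCESS = 0x0101
XOR_MAPPED_ADDRESS = 0x0020
HEADER = struct.Struct("!HHI12s")          # type, length, magic cookie, transaction id


def binding_request(txid: bytes) -> bytes:
    """Build a Binding Request carrying no attributes (message length 0)."""
    if len(txid) != 12:
        raise ValueError("transaction id must be 12 bytes")
    return HEADER.pack(BINDING_REQUEST, 0, MAGIC_COOKIE, txid)


def xor_mapped_address(ip: str, port: int) -> bytes:
    """Encode an IPv4 XOR-MAPPED-ADDRESS attribute (type 0x0020, value length 8)."""
    xport = port ^ (MAGIC_COOKIE >> 16)                       # port XOR top 16 bits of cookie
    xaddr = struct.unpack("!I", socket.inet_aton(ip))[0] ^ MAGIC_COOKIE
    value = struct.pack("!BBHI", 0, 0x01, xport, xaddr)       # reserved, family=IPv4
    return struct.pack("!HH", XOR_MAPPED_ADDRESS, len(value)) + value


def binding_response(txid: bytes, ip: str, port: int) -> bytes:
    """What a STUN server would send back: a Binding Success Response echoing the
    client's transaction id. Used here to construct an offline sample reply."""
    attrs = xor_mapped_address(ip, port)
    return HEADER.pack(BINDING_SUCCESS, len(attrs), MAGIC_COOKIE, txid) + attrs


def parse_binding_response(data: bytes, expected_txid: bytes):
    """Return (public_ip, public_port) from a Binding Success Response, checking
    the cookie and that the reply matches the request we actually sent."""
    if len(data) < HEADER.size:
        raise ValueError("short STUN message")
    mtype, mlen, cookie, txid = HEADER.unpack_from(data)
    if cookie != MAGIC_COOKIE or mtype != BINDING_SUCCESS:
        raise ValueError("not a Binding Success Response")
    if txid != expected_txid:
        raise ValueError("transaction id mismatch (reply is not for our request)")
    body = data[HEADER.size:HEADER.size + mlen]
    off = 0
    while off + 4 <= len(body):
        atype, alen = struct.unpack_from("!HH", body, off)
        value = body[off + 4:off + 4 + alen]
        off += 4 + ((alen + 3) & ~3)                          # attributes pad to 4 bytes
        if atype == XOR_MAPPED_ADDRESS and len(value) == 8:
            _, family, xport, xaddr = struct.unpack("!BBHI", value)
            if family != 0x01:
                continue
            port = xport ^ (MAGIC_COOKIE >> 16)
            ip = socket.inet_ntoa(struct.pack("!I", xaddr ^ MAGIC_COOKIE))
            return ip, port
    raise ValueError("no XOR-MAPPED-ADDRESS in response")


def discover_mapping(server, local_port=0, timeout=2.0):
    """Network version: ask `server` ((host, port) of a STUN server you choose) what
    public (ip, port) this socket's traffic appears from. Not run by the offline demo."""
    txid = os.urandom(12)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("0.0.0.0", local_port))
        s.settimeout(timeout)
        s.sendto(binding_request(txid), server)
        data, _ = s.recvfrom(1500)
    return parse_binding_response(data, txid)


def offline_demo():
    """Round-trip a constructed reply for public mapping 203.0.113.7:51234."""
    txid = bytes(range(12))
    assert len(binding_request(txid)) == 20
    reply = binding_response(txid, "203.0.113.7", 51234)     # constructed sample
    return parse_binding_response(reply, txid)


if __name__ == "__main__":
    print("public mapping:", offline_demo())   # ('203.0.113.7', 51234)
```

Two details matter for the security argument in the comment above. The client learns only its own mapping and must keep that socket active for the NAT to keep it open, so there is no persistent rule and nothing it can aim at another device on the LAN. And the transaction id check is what stops an arbitrary host on the path from handing the client a bogus public address; a client that skipped it would happily hole-punch toward whatever address it was told.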
The most common problem I have seen over and over is double NAT or CGNAT. For the home networks I manage (my parents, in-laws, and my own), I put the ISP modems in bridge mode or passthrough mode.