Haven't had to use port forwarding for gaming in like 30 or so years, so I just looked up Nintendo's website...
Within the port range, enter the starting port and the ending port to forward. For the Nintendo Switch console, this is port 1024 through 65535
LMAO, no thanks, that's not happening.
For your question, you could likely route everything through a tunnel and manage the port forwarding on the other end of the tunnel.
Why not also remove the password from my wifi while im at it?
Relax guys. It’s a Nintendo Switch, those things never get hacked.
WTF? Nintendo wants you to get that wide open? 🤣
I actually gave it 44000-65535 and it's connecting well. That's another reason why I wanted a more robust network: IOT VLAN to segregate that risk.
That's how I have it at home. 6 VLANs total. Even IoT and Media/games are separated from each other.
https://github.com/fatedier/frp seems to be designed for such cases, but I have not tried it myself.
I have been using it for the last 3 months to expose services from my home internet (plex, wireguard, etc.) through a VPS and I'm pretty happy with it. It's relatively simple to set up, I haven't had any outages so far, and it's nice that it supports UDP port forwarding as well as TCP (for wireguard).
It's not self-hosted, but Tailscale funnels are also an option.
What this guy says.
If you wanted to go the vps route, I have a 3GB KVM with racknerd that's $28/year. Tailscale + tunnels, and bob's your uncle
You can selfhost it on a vps with headscale
I don't think headscale supports funnels.
True, but you can just run a reverse proxy on the VPS and not use funnels.
That is true, I didn't consider that as I don't use them.
Option b of course, rent cheapest vps, ionos.ca offers plans for 2$ per month, it'll be cheaper than Google fiber, you can also use sshuttle https://github.com/sshuttle/sshuttle on your openwrt router and connect everything to it be it by cable or wireless, then Nintendo gaming will also have that port forwarding because your whole traffic is going to go through vps
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:
| Fewer Letters | More Letters |
|---|---|
| AP | WiFi Access Point |
| HTTP | Hypertext Transfer Protocol, the Web |
| IP | Internet Protocol |
| IoT | Internet of Things for device controllers |
| NAT | Network Address Translation |
| PoE | Power over Ethernet |
| TCP | Transmission Control Protocol, most often over IP |
| UDP | User Datagram Protocol, for real-time communications |
| VPN | Virtual Private Network |
| VPS | Virtual Private Server (opposed to shared hosting) |
| nginx | Popular HTTP server |
11 acronyms in this thread; the most compressed thread commented on today has 12 acronyms.
[Thread #843 for this sub, first seen 2nd Jul 2024, 12:15] [FAQ] [Full list] [Contact] [Source code]
Option A modified: get a router, install OpenWRT, install wireguard, get a VPS, create a tunnel, profit
Or with opnsense as well
Yeah any FOSS OS that can do a router
If there providing IPv6 to you, port forwarding shouldn't be necessary most of the time for online gaming.
Are they allowing UPnP upstream?
This. 100% this. Ipv6 underrated.
Assuming the Switch supports ipv6, and given how backward Nintendo's tech tends to be, it wouldn't surprise me if they didn't.
Although at least nintendo.com has an AAAA record.
If the HOA's router supports UPnP/NAT-PMP/PCP then you might be able to use that to get some ports forwarded.
The setup is very strange. They don't provide a router. They took the old phone lines going to each unit (which appears to have been done in Cat5 decades ago) and put an RJ-45 end on it. That plugs into a POE powered wireless access point with two more ports on it. Plugging my laptop in, the gateway does not respond to HTTP requests. The tech who installed it said I have to call the home office to change my wireless password. I got them to disable the wireless so I could put my router on the other end but I'm either running on a network that my shady small time ISP has full control over or I'm behind a double NAT. Speeds were 900+ up and down though.
I might see if I can get the AP re-enabled and let the switch connect to it directly if that even fixes the Switch's NAT issues.
Sorry you have to deal with this. I know it wasn't in your list of options, but you could attend HOA meetings, bring up the internet issue and see if they'll change the current setup, or you could get elected to an HOA board and start pulling the strings of change. That's more of a long-term goal though.
That's an interesting concept. I bought two weeks ago when they still had cable modems and a setup I know I could have worked with. I'm politically active so getting on the board should be an option. However, what's in the best interest of the vast, vast majority of the owners? Your standard service that requires complex gateways and running coax all over your apartment with hardware rental fees and TV number and location limits, or a system where your smart TV can connect anywhere and your iPhone can always get onto Facebook and there's a 24/7 tech support line to change your WiFi password for you? If it costs each owner $1 more per month (500 units) for my preferred network architecture so three residents can save $70 per month ($210) I would be failing in my fiduciary duty by charging the masses more so a select few can self host. We are the minority and the rest don't care.
I think you need to find out what kind of connection you actually have. I mean, it's unlikely you've got a dedicated ethernet cable to the ISP.
Where does that ethernet line actually go?
Have you run some basic traceroutes, at least?
Smartaira fiber. Best I can gather they're using a a managed switch and segmenting each port. Probably per floor. They sprcialize in large scale wifi deployment and that's what they're doing. It's a genius way to provide basic web access with a minimal hardware footprint for the provider and no hardware but a POE AP for the users. It just sucks for those of us who know better.
I have personally gone the VPN route with wireguard. Right now I have it setup so that all of my servers connect to my wireguard server on the VPS. Then I simply either just point my reverse proxy at the wireguard IP address or setup a forwarding rule in IP tables. Also try to get a VPS that is located close as it will reduce the ping times if that is important to you. I also recommend that you keep services which you only need to like ssh not forwarded and either use tailscale or wireguard to connect when you need to. With regards to the switch it is theoretically possible to setup a special access point with port forwarding through a VPN but it is much more complicated. It might be easier to accomplish this with a more traditional VPN service as some providers specifically cater to individuals looking to use a VPN for online play.
VPS + VPN is the cheapest option I believe for the services. It doesn't have to be "elaborated".
You can port-forward public VPS ports to your private addresses/ports. If you don't want to use iptables you can use firewalld.
The only "but" will be latency. For gaming it won't perform as you may need.
Set up a cheap VPS on DigitalOcean or the like, and run a Tailscale exit node. Put Tailscale on your devices at home (or get a 2nd router that allows you to run Tailscale on it) and join them to the same Tailnet. That’s the easiest way to accomplish this without getting too far into the weeds.
I’m currently running option B since I had the same issue where I was living when I built my server. I have a DigitalOcean vps and an openvpn tunnel between that and my home server, and the vps just forwards and masquerades all traffic. I’ve definitely had issues with speeds, and in the past it’s fluctuated so could’ve been an issue with something besides the vpn. It’s been a while since I’ve used it for streaming or game servers, but last I remember the speed wasn’t too bad. Playing factorio there was some noticeable latency but still playable although other games might not work as well. I’ve also done self-hosted broadcasts using owncast and that worked fine.
Tailscale, cloudflared tunnels, nebula
Headscale and zerotier as well
I would do option A, but instead of just not using the free internet, I would use it for everything else not needing server services. So like streaming or general browsing.
Just leaving the Google fiber as a dedicated pipe for all my self hosted services
You can do this kind of split with pfSense easily
I just got a Ubiquti Dream Machine that can do fail over so the other connection won't be completely wasted but $70 per month could be saved by finding another way.
Yes you can do this. Two problems:
It isn't fast. Watch your MTU.
Youll have to make sure return packets come through the VPS on their way back. You'll have to set up those packets to masquerade on their way out, otherwise you'd see internal IPs on the internet (they get dropped immediately). You can either masquerade them on the inside so they appear to be coming from your VPS (internally), or if you want the destination computer to see the real Internet IP, you'd need to set up rules on the destinarion computer which routes packets through the VPS otherwise they'd return via the default gateway.
why get a low cost vps to route the traffic through when you can just run the app on the vps?
It depends on the app. Yes, I could run my password manager on the VPS since that takes up virtually no space or bandwidth. The odd IP camera needs to be local, the Minecraft server with mods needs local CPU power and RAM (presumably).
Storage size, privacy, security, operating cost…I can think of several reasons. I use a cheap vps to help me route traffic to my ebook server, and I don’t have to pay for extra storage on the vps to hold all my comic books, which can be quite large when scanned in HD.
I'm not sure that it would fix all of your issues, but you could put some stuff behind a reverse proxy and use something like duckdns to setup dynamic dns.
A reverse proxy needs you to forward ports 80 and 443, unfortunately.
Not when used with Tailscale. You can put Tailscale on the VPS and on your home server, put Nginx on the VPS and point it to the Tailscale address for the desired service with your desired subdomain.
Voila, Nginx is serving your content through the Tailscale tunnel without edits to your home network. If Tailscale works, then this will work.
Cool, nice.
Maybe nginx does, but cloudflared does not, as far as I know (since it's an outbound tunnel). I haven't ever had to open any ports for cloudflared. However, it obviously requires you to use cloudflare.
A little searching seems like Cloudflare ~~Argo~~ tunnels might be a good route to try. And possibly free, though I'm not opposed to paying for a better service. There seems to be a fair amount of step by step documentation on this. I'll demo this on my lab as I haven't moved it to the new apartment yet.
Yep, should be free unless you want more firewall features!
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
Resources:
Any issues on the community? Report it using the report flag.
Questions? DM the mods!