Firewall configuration for Mario Kart Wii and Nintendo WFC
I received my copy of Mario Kart Wii recently and looked forward to playing online for the first time with my Wii, which I have had for one and a half years now. How disappointed I was when I figured out that it’s not so easy to hook up with the network when you’re not directly connected to the net but are behind a firewall. After hours of debugging network traffic with tcpdump (that’s worth another blog post about how to dig through that and filter for what you need), I finally came up with these rules, which now allow me to compete online. I just tried and sucked badly; I need to practice. Ask me for my friend code if you want to drive against me.
These are my firewall settings. The TCP part is also described by Nintendo, but forwarding all UDP traffic just was not suitable.
- Firewall:
  - Allow TCP/IP * -> 28910-29920
  - Allow TCP/UDP * -> 27900-27901
  - Allow TCP/UDP 3700-4300 -> *
  - Allow TCP/UDP 50000-65535 -> 50000-65535
- Port forwarding:
  - UDP packets to 27900-27901 -> Wii
  - UDP packets from 3700-4300 -> Wii
  - UDP packets from 50000-65535 to 50000-65535 -> Wii
The last port forwarding rule is there to establish the peer-to-peer network with your in-game opponents. First the Wii authenticates to a server with a client certificate over HTTPS. In the following information exchange it appears that the Wii is assigned a unique UDP port that it uses to communicate with the peers. I don’t really know how that scales, and I also don’t know yet how these rules interfere with existing port forwarding rules for other peer-to-peer networks. Besides, these settings might work only for Mario Kart Wii, and other games for Nintendo WiFi Connection might require other settings.
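As an added example (not part of the original post), the Python sketch below models the three UDP forwards above and reports where they overlap with other forwards on the same router, which is the interference question raised in the last paragraph. It assumes that "from 3700-4300" means a source-port range and that the router uses first-match rule order; the `EXISTING` forwards and all rule names are constructed.

```python
from typing import NamedTuple

ANY = (0, 65535)  # any port

class Forward(NamedTuple):
    name: str      # label (constructed, not from the post)
    proto: str     # "udp" or "tcp"
    src: tuple     # inclusive source-port range seen on the WAN side
    dst: tuple     # inclusive destination-port range on the WAN side
    target: str    # LAN host that receives the traffic

# The three UDP forwards listed in the post, all pointing at the Wii.
WII_FORWARDS = [
    Forward("wfc-27900", "udp", ANY, (27900, 27901), "wii"),
    Forward("wfc-src-3700", "udp", (3700, 4300), ANY, "wii"),
    Forward("wfc-p2p", "udp", (50000, 65535), (50000, 65535), "wii"),
]

# Constructed sample: forwards a home router might already carry.
EXISTING = [
    Forward("torrent", "udp", ANY, (51413, 51413), "desktop"),
    Forward("game-pc", "udp", ANY, (3074, 3074), "desktop"),
    Forward("ssh", "tcp", ANY, (22, 22), "nas"),
]

def _overlap(a, b):
    """Intersection of two inclusive port ranges, or None if disjoint."""
    lo, hi = max(a[0], b[0]), min(a[1], b[1])
    return (lo, hi) if lo <= hi else None

def conflicts(rules, others):
    """Pairs of forwards that can match the same packet but name different hosts."""
    found = []
    for r in rules:
        for o in others:
            s, d = _overlap(r.src, o.src), _overlap(r.dst, o.dst)
            if r.proto == o.proto and r.target != o.target and s and d:
                found.append((r.name, o.name, s, d))
    return found

def route(rules, proto, sport, dport):
    """First-match lookup: which LAN host receives this inbound packet?"""
    for r in rules:
        if (r.proto == proto and r.src[0] <= sport <= r.src[1]
                and r.dst[0] <= dport <= r.dst[1]):
            return r.target
    return None

if __name__ == "__main__":
    print(*conflicts(WII_FORWARDS, EXISTING), sep="\n")
```

With the sample data, the source-port forward collides with every other UDP forward regardless of destination port, and the 50000-65535 forward decides by rule order whether a packet reaches the Wii or the other host.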