This guide will talk you through the settings needed to resolve the Nintendo Wii U Online Mode when playing behind a pfSense Router/Firewall. This has been tested as working on Mario Kart 8, Super Smash Bros and Splatoon. When attempting to play any game online on the Nintendo Wii U; you may be presented with the following error : Error Code: 118-0519 - Unable to connect to partner's device. Ultimately the problem pfSense and online gaming has is that out of the box, pfSense's security model is more aligned to a business environment. Specifically, it won't let devices open there own ports on the firewall, and it randomly changes the outgoing port when your devices go across the WAN. This causes terrible problems with the Wii U connecting to other Wii U's which is needed for online mode. The fix has two stages which are documented below to get you back online. Static Ports This fix will stop the pfSense Firewall from editing your ports on outgoing connection. Firstly, we need to give your Nintendo Wii U a static IP address to allow us to make permanent firewall changes. Log into the Web Interface on your pfSense box, and browse to Services > DHCP Server > LAN and scroll to the bottom where the Static Mapping are. Click the add button and add your Wii U like so: If you don't know your Wii U's MAC address, you can get it from the Settings app on the Wii U directly, just go to Settings > Internet > View MAC Address. The IP you give your Wii U should be within the subnet your LAN interface is operating in, but outside the pool your DHCP server hands out leases to. If you are using pfSense out the box without changes, your LAN will be 192.168.1.x and your DHCP pool should be 192.168.1.100-200. So any IP between 192.168.1.2-99 should be fine. In my example above I did 15. Once done, click save and Apply the changes. Your Wii U will not immediately get the new IP assigned to it until the old one has expired - but you can speed the process up now by physically unplugging the Wii U from the power and then reloading it, it will then ask pfSense for an IP and get its new Static one. The next step is for us to make the Static Port Rule. To do this, browse to Firewall > NAT and then select the Outbound Tab which is highlighted Red below: You need to change the tick box from 'Automatic' to 'Hybrid' and click Save and Apply. You will then be able to add rules below it in Mappings. Click 'Add' to create the new Mapping. You need to enter the Wii U's new static IP in the Source Area, tick the 'Static Port' option in Translation and finally give your rule a nice new name. That's all there is to it, as per before make sure to click Save and Apply on the Firewall. Any new connections from now that go across the pfSense rule for the Wii U's IP address will not have there ports changed and you will be able to connect to other's devices. Enabling UPnP This next step is optional, but is highly recommended to ensure you don't get a 'Strict NAT' limiting the number of players you can play with on the Nintendo Network as well as allowing you to host your own games. UPnP is a protocol which can be enabled on the pfSense box which allows devices to request there own port forwards on demand. It isn't recommended in a business environment where security is key as it puts the trust into all the devices on your network; but assuming as your wanting to play on the Nintendo Wii U means your likely in a home user situation where it's quite common to have UPnP enabled (most consumer routers do). To enable it, browse to Services > UPnP & NAT-PMP: Make sure your External Interface is set to WAN, and your local to LAN. Once done, save your settings and you are good to go. Summary You should now find you are able to play games across the Nintendo Network from your Wii U. Any questions just ask below and we will be happy to help.