This should resolve anyone trying to connect outbound with their Nintendo Switch when it gets stuck on NAT D when using a pfsense router. I am using version 2.5.1-RELEASE as of this guide creation. Doing this also creates no reason to enable uPNP either. This assumes your Nintendo Switch is using a Static IP, or has a DHCP IP reservation so you can keep using the same IP. But if you have not set up a DHCP static lease, see step 1, otherwise skip to step 2.
1. Set a static IP address for the device via DHCP static mappings
- Status -> DHCP Leases, find the device, click + to add a mapping, set a static address, save, etc. I have an IP range outside my DHCP scope that I like to use for static leases.
2. Switch to Hybrid Outbound NAT
- Firewall -> NAT, Outbound tab
- Select Hybrid Outbound NAT, Save
3. Add Outbound NAT rule
- Firewall -> NAT -> Outbound tab
- Click Add
- Set the console address as the source (Type = Network, then enter the IP address, pick /32 for the CIDR)
- Check Static Port
- Click Save
That is it, you should now have NAT Type B, which should let you play Splatoon 2, and connect to other Animal crossing users.