Homebrew My router too dumb to block nintendo servers?

[naddel81]

Hi everybody,

I noticed that even though I have blocked all the nintendo servers via router I can access eshop and update emunand just fine. That wasn't possible a year ago.

I noticed two exceptions in the router settings. First is HTTPS and the second website that use compression. Those two exceptions cannot be filtered.

Is that a router flaw or a general technical problem that those cannot be filtered?




I am currently using the two DNS servers provided on loadiine.ovh to block nintendo servers, but what if I want to add something via freeshop? then I have to deactivate it and my Wii U is vulnerable to updating. How do I prevent that?

Best wishes!

 

[SirHaxALot]

Nintendo services are using SSL (HTTPS), so they can't be filtered by it. It tells about it in 2.) „HTTPS-Websites can not be filtered“

EDIT: Why is this message in german, if you are located in US according to your profile? xD

 

[naddel81]

I am german. Dunno why I selected US 7 years ago.

So can nintendo servers be filtered with another router or is it just my router that cannot filter the nintendo servers?

 

[Ryccardo]

I am currently using the two DNS servers provided on loadiine.ovh to block nintendo servers, but what if I want to add something via freeshop? then I have to deactivate it and my Wii U is vulnerable to updating. How do I prevent that?

Don't try to block anything on the router, and set your Wii U only to the custom DNS

 

[naddel81]

I did set my N3DS, o3DS and Wii U to custom primary AND secondary DNS servers that are supposed to block nintendo updates. I just hope they keep blocking those updates and do not let us down one day by NOT blocking them anymore.

what do I do if I want to install a eShop game in the future? then I have to unblock it again and use the automatic DNS. will I be updated immediately?

 

[Captain_N]

my router will block any url i type in.... i used it to block 3ds update servers

 

[Ryccardo]

I just hope they keep blocking those updates and do not let us down one day by NOT blocking them anymore.

Yes, using any DNS means trusting them. But you trust the makers of Decrypt9, A9LH and your CFW to not brick your system either (while a DNS by itself can't cause that)

No idea why you're blocking updates on 3DS anyway, not only CFW is usually updated very quickly, but there are no forced automatic updates either!

As for the Wii U, you can temporarily disable custom DNS by using the NNUPatcher homebrew; if you then immediately go to the eshop, you will notice if you can go in (so 5.5.1 is still current) or not (turn it off to block updates again, and get your titles with a computer and Wupinstaller instead)

 

[naddel81]

thanks for your help. so on the 3DS I want to avoid the annoying update-nag and on wii U I want to avoid auto-updating. that's why I use the two DNS servers provided by loadiine.ovh in both systems.

 

[The Real Jdbye]

Hi everybody,

I noticed that even though I have blocked all the nintendo servers via router I can access eshop and update emunand just fine. That wasn't possible a year ago.

I noticed two exceptions in the router settings. First is HTTPS and the second website that use compression. Those two exceptions cannot be filtered.

Is that a router flaw or a general technical problem that those cannot be filtered?




I am currently using the two DNS servers provided on loadiine.ovh to block nintendo servers, but what if I want to add something via freeshop? then I have to deactivate it and my Wii U is vulnerable to updating. How do I prevent that?

Best wishes!

I have an ASUS router as well, and it has the same message, but in my case it blocks updates perfectly fine. I assume it's blocking them at the DNS level (so it still works with HTTPS)
By the way, only these 6 addresses need to be blocked:
nus.cdn.shop.wii.com
nus.cdn.wup.shop.nintendo.net
nus.c.shop.nintendowifi.net
nus.cdn.c.shop.nintendowifi.net
nus.wup.shop.nintendo.net
cbvc.cdn.nintendo.net
It still allows me to update games and access eShop but firmware updates are blocked.
Maybe you have a custom DNS set on emuNAND that is not blocking the update servers, and is bypassing the DNS block in the router?

 

[naddel81]

I have an ASUS router as well, and it has the same message, but in my case it blocks updates perfectly fine. I assume it's blocking them at the DNS level (so it still works with HTTPS)
By the way, only these 6 addresses need to be blocked:
nus.cdn.shop.wii.com
nus.cdn.wup.shop.nintendo.net
nus.c.shop.nintendowifi.net
nus.cdn.c.shop.nintendowifi.net
nus.wup.shop.nintendo.net
cbvc.cdn.nintendo.net
It still allows me to update games and access eShop but firmware updates are blocked.

which asus router do you have and does it tell you the same as mine about not being able to block HTTPS and so on?

 

[The Real Jdbye]

which asus router do you have and does it tell you the same as mine about not being able to block HTTPS and so on?

ASUS RT-AC68U

Maybe you have a custom DNS set on emuNAND that is not blocking the update servers, and is bypassing the DNS block in the router?

 

[Minasodrom]

Maybe you have a custom DNS set on emuNAND that is not blocking the update servers, and is bypassing the DNS block in the router?

i dont think thats how ip filtering works.

 

[The Real Jdbye]

i dont think thats how ip filtering works.

It's the only way filtering HTTPS addresses can work. And they're filtered just fine by my router, so it's a safe assumption that that's how they're filtered.

 

[naddel81]

mine looks the same. when I only use the routers filter list then the 3DS can update just fine (which it shouldn't be able to). and when I use the DNS block in the 3DS it is not updating. so clearly the asus blocking list is not working as stated above: Nintendo is using HTTPS and so it cannot be filtered.

--------------------- MERGED ---------------------------

try it yourself: just use the automatic DNS and the block list in router and go to "system settings - system update". it will say "you are on the newest system software". this shows the block list does not work. I am not relying on that so I use the blocking DNS service in the DNS settings of my devices.

--------------------- MERGED ---------------------------

It's the only way filtering HTTPS addresses can work. And they're filtered just fine by my router, so it's a safe assumption that that's how they're filtered.

it says HTTPS cannot be blocked. so why should it? please test using only the block list and AUTOMATIC dns and then try to update using 3ds system settings. it will show you the message that it has the latest software.

 

[Minasodrom]

It's the only way filtering HTTPS addresses can work. And they're filtered just fine by my router, so it's a safe assumption that that's how they're filtered.

no home class router can do https filtering, but since it works on you im a bit baffled.. but setting a different dns on your device cant bypass your ip filtering. that would make it useless on every device with manual set dns.

 

[naddel81]

I guess he has a custom DNS set up on his device and forgot about it. or he hasn't tested updating lately. I am sure it will work without a custom DNS. that's what it does on my asus router with latest firmware.

 

[The Real Jdbye]

mine looks the same. when I only use the routers filter list then the 3DS can update just fine (which it shouldn't be able to). and when I use the DNS block in the 3DS it is not updating. so clearly the asus blocking list is not working as stated above: Nintendo is using HTTPS and so it cannot be filtered.

--------------------- MERGED ---------------------------

try it yourself: just use the automatic DNS and the block list in router and go to "system settings - system update". it will say "you are on the newest system software". this shows the block list does not work. I am not relying on that so I use the blocking DNS service in the DNS settings of my devices.

--------------------- MERGED ---------------------------



it says HTTPS cannot be blocked. so why should it? please test using only the block list and AUTOMATIC dns and then try to update using 3ds system settings. it will show you the message that it has the latest software.

You are right, it does say that.
But I'm not able to actually update the console when a new update comes out, unless I remove the blocks. I've went through multiple updates and I had to disable the block every time.
The blocks block the servers updates are download from, but they don't actually block the server the update check is sent to. That's why you're getting that message.
If you need proof, try downloading a system update with 3DNUS on your PC (enter 11.2.0-35 in the title ID box and USA in the version box and hit download, it'll fail)
And yes, I did have Tubehax DNS set up at one point. I forgot about it and then wondered why eShop wouldn't work, and eventually had to remove it. My blocks still work fine. Wii U shows an error trying to download the latest update (though I already am on 5.5.1, it still shows that error, as it's supposed to when the update servers are properly blocked)

Edit: And I was wrong, it's not DNS filtering after all - I'm able to ping the addresses just fine from my PC. 3DNUS still fails though and so do updates. At some point the update process must use regular HTTP, even if HTTPS is used for the majority of it, because I'm definitely not able to update without disabling the block.
I've had the router block for ages, ever since I first got a Gateway and a 4.3 3DS, and I've verified many times that I'm not able to update. This was before Tubehax DNS even existed.

@naddel81 Even though the update check says you have the latest version, that doesn't mean the block isn't working. It has been working for me, and I get the same message when checking for updates on 11.2.

 

[naddel81]

ok, lesson learned. but I'd rather have DNS block in my devices because that works. URL blocking is a nice fall back, but nothing I would put my money on when a new system update arrives...

 

[Minasodrom]

ok, lesson learned. but I'd rather have DNS block in my devices because that works. URL blocking is a nice fall back, but nothing I would put my money on when a new system update arrives...

you could see if your router offers any type of parental controls which should work (netgear uses opendns for example)

 

[0x40]

Can't you just route traffic through a computer running a firewall that isn't broken?