Josh

You could replace the in-interface with the destination address to only target 
the traffic to the public address on your router. This would still allow 
traffic inside the router to go out to 3389. 

However, the in-interface matching is the least costly in system resources in 
matching, and if you are running 6.19 or above, where they improved the matcher, 
then you are probably best placed to keep that in-interface to help reduce load 
and only target the traffic you want. 

Regards

Alexander

Alexander Neilson
Neilson Productions Ltd
[email protected]
021 329 681

> On 10/06/2015, at 1:54 pm, Josh Luthman <[email protected]> wrote:
> 
> So I have 192.168.21.0/24 srcnat on the LAN side of my router
> 
> I have a dstnat rule for 3389/tcp in-interface=ether1 (the wan port) and
> dst to my inside PC.
> 
> Is it possible to not specify the in-interface at all while still allowing
> my machines inside 192.168.21.0/24 to RDP devices in the outside world?
> 
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
> _______________________________________________
> Mikrotik mailing list
> [email protected]
> http://mail.butchevans.com/mailman/listinfo/mikrotik
> 
> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
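
The two variants discussed in this thread, written out as RouterOS NAT rules. This is an added example, not configuration posted by either participant; 203.0.113.10 (the router's public address) and 192.168.21.10 (the inside PC) are constructed placeholders.

```routeros
# Added example. Constructed placeholders:
#   203.0.113.10  = public address on ether1 (documentation range)
#   192.168.21.10 = inside PC that receives the RDP forward
# Use ONE of the two variants, not both.
/ip firewall nat

# Variant A: the rule as described in the question, matched on the WAN port.
# Only connections arriving on ether1 are redirected, so LAN hosts in
# 192.168.21.0/24 connecting out to remote tcp/3389 never match.
add chain=dstnat action=dst-nat protocol=tcp dst-port=3389 \
    in-interface=ether1 \
    to-addresses=192.168.21.10 to-ports=3389 \
    comment="RDP forward, matched on in-interface"

# Variant B: the suggestion in the reply, matched on the public address.
# Only connections addressed to 203.0.113.10:3389 are redirected; LAN hosts
# connecting to any other address on tcp/3389 pass through untouched.
add chain=dstnat action=dst-nat protocol=tcp dst-port=3389 \
    dst-address=203.0.113.10 \
    to-addresses=192.168.21.10 to-ports=3389 \
    comment="RDP forward, matched on dst-address"

# A rule with neither in-interface nor dst-address would match every
# tcp/3389 connection crossing the router, including outbound RDP from the
# LAN, and redirect all of it to 192.168.21.10.

# Check which rule is actually taking hits after a test connection.
/ip firewall nat print stats
```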