Re my other reply. Destination address type is 12th on the list of matching which means greater load on the mikrotik. Destination address list is 13th and destination address is 9th. So if you are only looking at traffic coming in that interface then it will help the matching to target that.
You could combine both to help reduce further load. Then it would first check traffic was inbound on eth1 and to a local IP destination before it tried the destination port matcher. Regards Alexander Alexander Neilson Neilson Productions Ltd [email protected] 021 329 681 > On 10/06/2015, at 2:21 pm, Josh Luthman <[email protected]> wrote: > > Answered offlist! > > add action=dst-nat chain=dstnat comment="gkz - rdp" dst-address-type=local \ > dst-port=3389 protocol=tcp to-addresses=192.168.21.192 to-ports=3389 > > > > Josh Luthman > Office: 937-552-2340 > Direct: 937-552-2343 > 1100 Wayne St > Suite 1337 > Troy, OH 45373 > > On Tue, Jun 9, 2015 at 9:54 PM, Josh Luthman <[email protected]> > wrote: > >> So I have 192.168.21.0/24 srcnat on the LAN side of my router >> >> I have a dstnat rule for 3389/tcp in-interface=ether1 (the wan port) and >> dst to my inside PC. >> >> Is it possible to not specify the in-interface at all while still allowing >> my machines inside 192.168.21.0/24 to RDP devices in the outside world? >> >> Josh Luthman >> Office: 937-552-2340 >> Direct: 937-552-2343 >> 1100 Wayne St >> Suite 1337 >> Troy, OH 45373 > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > <http://mail.butchevans.com/pipermail/mikrotik/attachments/20150609/f71a085e/attachment.html> > _______________________________________________ > Mikrotik mailing list > [email protected] > http://mail.butchevans.com/mailman/listinfo/mikrotik > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS _______________________________________________ Mikrotik mailing list [email protected] http://mail.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
