Established NAT rule vs. UPnP-created rule

I have two rules in my NAT for my torrent program, so that incoming data on the port I use is sent directly to the computer the program is running on:

 3    ;;; Torrent Port TCP
      chain=dstnat action=dst-nat to-addresses=192.168.88.254 to-ports=58326 protocol=tcp in-interface=eth1-gateway dst-port=58326 log=no log-prefix="" 

 4    ;;; Torrent Port UDP
      chain=dstnat action=dst-nat to-addresses=192.168.88.254 to-ports=58326 protocol=udp in-interface=eth1-gateway dst-port=58326 log=no log-prefix=""

I have UPnP enabled, and sometimes (but not always) two new dynamic rules will be created that specify my external IP in the dst-address field, rather than how I have it - in-interface=eth1-gateway. Sometimes (but not always), there’s also a rule created to dst-nat port 8080 to this computer from my external IP.

I do notice that with the rules I have, they don’t seem to rack up much in the way of counts in the bytes/packets columns, but the newly-created rules do.

Which rule set is better? Or more efficient? Is there a reason my external IP needs to be used, as opposed to specifying the WAN interface?

The in-interface=eth1 vs dst-address=YourIP work just the same, neither is more efficient than the other. When configuring rules manually, it’s ideal to use in-interface in case your public IP changes.

On a company network an admin may turn off UPnP so the admin has control of which ports are being forwarded rather than letting all users set them up ad-hoc via UPnP.

On a home network, UPnP is convenient and simple, you don’t have to manually do port forwarding.

Got it. Thanks.