Port Forwarding Destination IP

CappyC · December 6, 2020, 1:38am

Hello all,

Been tinkering with my Mikrotik for months and, aside from a couple issues, I haven’t had as many issues as I expected from so many reviews calling it “unfriendly.” I have next to no experience aside from your typical commercial routers. I do a lot of gaming and have a few computers networked through a hardwired home network where the family and I do a lot of PC gaming. I am trying to learn more and have been struggling understanding port forwarding. I have successfully gotten everything to work but do not understand the basics of what I am doing (just been following advice on here and youtube vids).

I was hoping some kind folks could explain what plugging in these different IP addresses into destination IP would mean in a port forwarding NAT rule and if my understanding is correct?

192.168.1.1 (my mikrotik router): this port would be open for all computers in the network and to the router.
192.168.1.0 (same as above, open the port to the whole network and all devices connected)
192.168.1.100 (only open the port for the device addressed to .100)
69.115..48 (public IP, open the port to the internet through the mikrotik firewall)

Ultimately, I only have two concerns.

Security. I have limited all means of access to the router to 192.168.1.0 which seems to be working and denying all connection attempts (I am assuming to brute force the password). I have other rules from YT videos to prevent ping floods and such. So opening a port to 192.168.1.1 would allow all the computers in the network to use it but not be accessible to the internet if I am not routing it to the public IP?
Opening specific ports for all the devices on the network. For example, GameX uses port 30555, and I want all the devices on the network to be able to transmit locally on that port, do I set the dst address to 192.168.1.0 or *.1? Or a rule for every IP?
/ip firewall nat add chain=dstnat dst-port=30555 action=dst-nat protocol=tcp to-address=192.168.1.1 to-port=30555

Thank you in advance and apologies for the length, hopefully I explained everything in a way that make sense.

anav · December 6, 2020, 9:25pm

Bits and pieces means nothing,
Need to see the entire config
/export hide-sensitive file=anynameyouwish.

In this way we can explain things in context.