Community discussions

just joined
Topic Author
Posts: 21
Joined: Fri May 11, 2012 11:27 am

A very noob question about dst-nat rules

Mon Feb 12, 2018 5:01 pm

For example I need to forward packages on several ports to same address in LAN - _NO_ port rewriting, only address rewriting.

Options are:
A) One rule per port and add comment accordingly - easier on maintenance I guess?
B) One rule for all ports with same LAN address and protocol - shorter list under NAT.

Which one is better? Does option B give any advantage on performance or is it very minor?

Member Candidate
Member Candidate
Posts: 127
Joined: Sun Apr 22, 2012 6:25 pm
Location: Johannesburg, South Africa

Re: A very noob question about dst-nat rules

Mon Feb 12, 2018 9:18 pm

You want traffic to pass through the minimum number of rules so I would create an interface list and then reference that in a single rule...
User avatar
Frequent Visitor
Frequent Visitor
Posts: 89
Joined: Wed May 20, 2015 10:14 pm
Location: Quito

Re: A very noob question about dst-nat rules

Tue Feb 13, 2018 5:43 pm

Hi zhangxiao:

I shall prefer the option B... If you're able to configure a firewall or nat rule with fewer posible lines, this firewall isn't going to affect the performance of your router
Expert consulting in | BGP | MPLS | OSPF | Se Habla Español 1-855-645-7684 #1 ranked MikroTik consulting firm in North America

Who is online

Users browsing this forum: yuridee and 7 guests