If you specify out-interface for your src-nat rule and if you also have dst-nat rules to your internal network, they might not work correctly if used from internal network. Because then your request does not go through out-interface and is not src-natted as it should. That's why in my case I prefer
chain=srcnat action=masquerade src-address=192.168.0.0/24
instead of
chain=srcnat action=masquerade out-interface=ether1
and
Possible uses of the in-/out-interface parameter could be when you do NOT want to use src-/dst-ip-addresses.
Imagine having a RouterOS machine with a pppoe-client that's getting a dynamic ip address. Now you want to configure a dst-nat rule to redirect incoming email to your mail server (for example). You cannot work with dst-address here (as it's changing all the time), but you simply say "dst-nat every connection to tcp port 25 coming in the pppoe-client-interface to my internal mailserver".
I have in fact TWO pppoe connections with dynamic IPs.
I then have a bunch of dst-nat rules for stuff like outlook web access etc and each rule specifies the in-interface. Because of the two internet links I duplicate each rule, just changing the in-interface. Is this correct?
I tried removing the out-interface on the masquerade rule, just leaving the src-address field but the internet access went very sloooooooow. What did I do wrong?