As noted by both, its not quite clear what the requirements are...........
1. Let some external users access servers on your LAN network (behind the router).
2. Let some external user (perhaps yourself) access the router itself to be able to manage the router/network.
3. Something else??
1. Is very common(port forwarding to a server)., and one needs to have in place a sourcenat rule, a destination nat rule or two, and the required/associated firewall rule for dstnat in general
As noted there is some concern for allowing external users to anything on the LAN network so yes, the idea of limiting it to specific WANIPs out there is a good idea. An added bonus of the source address list added to a dstnat rule is that on scans the port is invisible (without a source address list, the port is visible on scans but appears as closed).
Do recommend that the server is accessed via https or FTPs some secure protocol and has a user name password involved as well. Not sure if its worth it but there are ways to capture IPs with a number of attempts to access server and then reject them for a period of time (router function). Depending on the sensitivity of the data, the advice for VPN type connectivity is a good one.
2. Should only be done via VPN.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!