Hello,
I'm trying to figure out how to correctly port forward in my case.
I'd like to expose an FTP server and an SSH server on a high port on my WAN.
It seems there are two options with the NAT: specify a dst-address and/or specify an in-interface-list.
Specifying dst-address:
/ip firewall nat add chain=dstnat action=dst-nat dst-address=1.2.3.4 dst-port=1234 to-addresses=10.0.0.3 protocol=tcp to-ports=21
Specifying in-interface-list:
/ip firewall nat add chain=dstnat action=dst-nat in-interface-list=WAN dst-port=1234 to-addresses=10.0.0.3 protocol=tcp to-ports=21
Both of them should result in a functioning setup.
But does setting the dst-address (public IP) have any benefits here?
If you have two WAN/IPs it will make a difference because one will only work on one IP while the other will work on all public IPs.
But is there any other security concern with just setting the in-interface-list?
Thanks a lot in advance!
I read through the wiki but did not find any answers to those questions yet.
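
Added example, not part of the original post: a simplified Python model of how the matchers on the two rules above select packets (RouterOS ANDs the matchers set on a rule, and a matcher that is not set accepts any value). The interface names, the second public IP 5.6.7.8, the sample packets and the third "both" rule that sets both matchers are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed topology (assumption): ether1 and ether2 are in interface list WAN,
# bridge is the LAN. 1.2.3.4 is the post's public IP; 5.6.7.8 is a made-up second one.
INTERFACE_LISTS = {"WAN": {"ether1", "ether2"}, "LAN": {"bridge"}}

@dataclass(frozen=True)
class Packet:
    in_interface: str
    dst_address: str
    protocol: str
    dst_port: int

@dataclass(frozen=True)
class DstNatRule:
    name: str
    protocol: str
    dst_port: int
    dst_address: Optional[str] = None        # None = matcher not set
    in_interface_list: Optional[str] = None  # None = matcher not set

    def matches(self, p: Packet) -> bool:
        # Matchers are ANDed; an unset matcher (None) accepts any value.
        return (p.protocol == self.protocol and p.dst_port == self.dst_port
                and self.dst_address in (None, p.dst_address)
                and (self.in_interface_list is None
                     or p.in_interface in INTERFACE_LISTS[self.in_interface_list]))

RULES = [
    DstNatRule("dst-address", "tcp", 1234, dst_address="1.2.3.4"),
    DstNatRule("in-interface-list", "tcp", 1234, in_interface_list="WAN"),
    DstNatRule("both", "tcp", 1234, dst_address="1.2.3.4", in_interface_list="WAN"),
]

# Constructed sample packets, keyed by a description of where they come from.
PACKETS = {
    "internet -> first public IP": Packet("ether1", "1.2.3.4", "tcp", 1234),
    "internet -> second public IP": Packet("ether2", "5.6.7.8", "tcp", 1234),
    "LAN host -> public IP": Packet("bridge", "1.2.3.4", "tcp", 1234),
    "internet -> other port": Packet("ether1", "1.2.3.4", "tcp", 22),
}

def match_table() -> dict:
    """Map each sample packet to the names of the rules that would dst-nat it."""
    return {label: [r.name for r in RULES if r.matches(p)] for label, p in PACKETS.items()}

if __name__ == "__main__":
    for label, hits in match_table().items():
        print(f"{label:30} {hits}")
```

In this model the dst-address rule also matches the packet that arrives from the LAN, and the in-interface-list rule matches a destination other than 1.2.3.4.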