Access internal web server with internet IP from the same LAN

Before switching to MT, I was able to port forward a web server, and access it via my public IP: http:mywebsite.com:40399

After I switched to MT, I went to IP > Firewall > NAT , and set up the below, which let’s me access the web server from outside my network:

add action=dst-nat chain=dstnat comment=web-server dst-port=40399 protocol=tcp to-addresses=192.168.1.9
to-ports=80

I was looking around and saw that this may be called a “hairpin nat” ? I messed around with some rules and added this, which works, but I want to know if this is correct and the best way to achieve what I want to do:

add action=src-nat chain=srcnat comment=“Hairpin NAT to for motioneye” dst-address=192.168.1.9 src-address=192.168.1.0/24 to-addresses=my_public_ip_here

Yes. Have a look at https://wiki.mikrotik.com/wiki/Hairpin_NAT for the packet-by-packet explanation.

In summary, what happens is the internal device receives an answer from the internal, dst-natted IP when it expects the source IP it to come from the public IP it requested; hairpin nat does an additional src-nat so that device receives a answer with the src-address it expects (the one it requested).

You could also use action=masquerade if your WAN interface has only a public IP that is dynamically fetched from your ISP.

Do you mean this?
add action=masquerade chain=srcnat comment=“Hairpin NAT to for motioneye” dst-address=192.168.1.9 src-address=192.168.1.0/24 to-addresses=my_public_ip_here

action=masquerade is the same as action=src-nat, but will automatically src-nat with the IP of the interface, so no to-addresses required.

add action=masquerade chain=srcnat comment="Hairpin NAT to for motioneye" dst-address=192.168.1.9 src-address=192.168.1.0/24 out-interface=YourLanBridge

Okay thanks, I will try this when I get home, unfortunately I am having packet loss, disconnect issues again (i made another post in this forum). So I cannot implement the change while I am remote.