can not view IP cameras from inside network

Hello everyone I am going crazy right now so please read carefully and help me.

This is my setup. I have RB for main router with wan IP: 111.111.111.111 and PPPOE server for clients to connect. After connecting clients get some local IP address 10.10.8.0/22. Now some of them have IP cameras and want them to see from INSIDE and OUTSIDE our network. I managed to make DVRs to work and cameras to be view-able from OUTSIDE the network with this simple NAT on the mikrotik:
chain=dstnat action=dst-nat to-addresses=10.10.9.243 to-ports=8009 protocol=tcp dst-port=8009 log=no log-prefix=“”\

Most of them have Tenda for home routers so what I do there is port forward from port 8009 to port 8009 to IP address:DVR IP address here

This way I can open DVRs (hikvision softwere) from phone using IP/Server settings where I add public IP:111.111.111.111 port 8009.

WHAT I CAN NOT DO AND DON’T KNOW HOW is how I can view cameras from inside our network. For example how some pppoe client with IP:10.10.11.22 can open and view cameras set on client with IP 10.10.9.243?

I hope you can understand what I am trying to do.

It should just be a simple routing/firewall thing. Does your central router know how to get to 10.10.9.243? Do you have firewall rules that prevent PPPoE interfaces from communicating to each other? Those would be the main things to check.

The client should be using their PPPoE interface as their default gateway, so that means anything it doesn’t know how to get to directly, it will try and reach by their tunnel. Your router then will get that traffic, and see if it knows how to get to 10.10.9.243, and if so it can forward it on to the appropriate next hop, assuming that there isn’t a firewall rule preventing it. Then 10.10.9.243 can reply back to the source IP as long as it has an appropriate default gateway.