From in to out

RouterOS Beginner Basics
1

Hi,

I’ve got a static public ip.

/ip firewall filter print
Flags: X - disabled, I - invalid, D - dynamic 
 0  D ;;; special dummy rule to show fasttrack counters
      chain=forward action=passthrough 

 1    chain=input action=drop connection-state=invalid log=no log-prefix="" 

 2    chain=input action=accept connection-state=established,related log=no log-prefix="" 

 3    chain=input action=accept protocol=tcp src-address-list=Winbox Connect dst-port=8080,8291 log=no log-prefix="" 

 4    chain=input action=accept protocol=icmp src-address-list=vlans log=yes log-prefix="PING" 

 5    chain=input action=accept protocol=udp src-address-list=vlans dst-port=123 log=no log-prefix="NTP- " 

 6    chain=input action=accept protocol=udp src-address-list=capsman dst-port=5246,5247 log=no log-prefix="" 

 7    chain=input action=drop log=no log-prefix="DROP- " 

 8    chain=forward action=drop connection-state=invalid log=no log-prefix="" 

 9    chain=forward action=fasttrack-connection connection-state=established,related log=no log-prefix="" 

10    chain=forward action=accept in-interface=eth-01_WAN log=no log-prefix="" 

11    chain=forward action=accept src-address-list=vlans log=no log-prefix="" 

12    ;;; *** Guest LAN/WLAN ***
      chain=forward action=accept protocol=tcp dst-address-list=!vlans in-interface=vlan-60 dst-port=53,80,443 log=no log-prefix="" 

13    chain=forward action=accept protocol=udp dst-address-list=!vlans in-interface=vlan-60 dst-port=53 log=no log-prefix="" 

14    chain=forward action=drop log=no log-prefix=""

I can’t e.g. ping, smtp (self hosted mailserver) to my public static ip from router winbox
The complete network works fine.
The communication between vlans works.

I’ve got four another RB-devices in the network, all can go to outside e.g. ping to my public static ip.
Just the router can’t use the communication with my public static ip

It’s a firewall issue, but which?

2

Your Winbox machine is in the same IP-network then your SMTP host ?
If so, you need some rules for “Hairpin NAT” or “NAT Loopback” . Search this on the forum and you will have many many examples.

Hairpin is required if you try to reach INTERNAL hosts by calling your PUBLIC-IP on the router when sourced from the SAME IP-range as the target machine.