chain = srcnat src-address = 192.168.10.0 / 24 dst-address = 192.168.1.0 / 24 action = masquerate DOES NOT WORK
I have read other posts and know that the limit of the hairpin is that the same network contains servers and clients; but I don’t know any other solutions.
Same subnet is not exactly limitation, it’s that the problem occurs only with same subnet (see https://wiki.mikrotik.com/wiki/Hairpin_NAT where it’s explained what happens). So while you can use hairpin NAT with different subnets too, it’s actually not needed at all for them, because the original problem doesn’t occur there.
It’s hard to tell what happens in your case. Could be something with firewall filter, or possibly other misconfigurations, RouterOS offers plenty of ways how to break something. If you don’t find it yourself, you can export and post your config, and hopefully someone will spot what’s wrong.
I printed a configuration and i solved the problem:
to isolate the vlan clients from the server network, I created a role in the routes table.
Now i modified it with a routing mark (for example, mark routing from my clients network to my servers network without the service ports that I would like to pass)