As the title suggests, I have hairpin nat set up and it was working fine, and now all of the sudden it wont route me through it to any of my local servers. I’ve been looking at it off and on for days and can’t seem to spot the issue.
Here is the NAT screen.
The GUI is a poor way to show configuration.
Post the output of “/interface print detail”, “/ip address print detail”, “/ip route print detail”, and “/ip firewall export” together with a network diagram and an explanation what you’re NATing how, and why.
That seems like a lot of unnecessary information to troubleshoot a simple NAT issue.
However, it did make me look at the NAT page information differently and I found the issue. (which was visible in the image.)
The destination nat for each server was only nat’ing packets coming from the External interface. I opened that up to all interfaces and it’s working.
Thanks.
then it will be really interesting to know what cause sudenly changed your “working Hairpin NAT” configuration, or maybe it wasn’t working fine before?
Probably something dumb I did when I was making another change somewhere.
I probably looked at it and thought to myself “That doesn’t look right.” and changed it. Then much later couldn’t get to my servers and didn’t remember making that change.
Happens to the best of us every so often.. 
First, I’m very glad you found your problem. Good deal.
That seems like a lot of unnecessary information to troubleshoot a simple NAT issue.
It’s not. It helps build a different view of the router. You know your router. We don’t. We’re coming in entirely cold, and all we have is a picture of your NAT configuration. NAT is influenced by bridging (layer 2 vs layer 3). When there are interface references it helps to have a network diagram with IP addresses - that also helps with when rules erroneously refer to IP/interface combinations that “/ip address” and the diagram make impossible. It’s easy to typo something or overlook something. If I had a buck for every time I’ve put something stupid into the configuration of devices I’m working on and needed someone else to point it out to me I could retire soon. Firewall filter rules can block traffic that has already had destination NAT applied to it, or can keep packets from ever reaching source NAT. And so on and so on. Whenever troubleshooting someone else’s network you need some background. Those commands give that background. It might seem unnecessary to you - but you already have the background built by those commands. And it doesn’t take long to run them and copy and paste the output.
Just saying.