Hairpin nat two wan Not working

Hi all,

I have RB433AH with successfully work fileover and forwarded wan1 port to a web server at 192.168.2.80. It is reachable from outside the LAN using domain name and IP. I want to reach the real address and domain name from the LAN using Hairpin NAT but not working. This is my firewal rules.
/ip firewall filter
add action=fasttrack-connection chain=forward comment=FastTrack
connection-state=established,related
add action=accept chain=forward comment=“Established, Related”
connection-state=established,related
add action=accept chain=forward comment=“allow DNAT” connection-nat-state=
dstnat
add action=drop chain=forward comment=“Drop invalid” connection-state=invalid
log=yes log-prefix=invalid
add action=accept chain=input comment=“default configuration”
connection-state=established,related
add action=accept chain=input src-address-list=mgmt
add action=accept chain=input protocol=icmp
add action=drop chain=input in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment=“Harpin NAT”
dst-address=192.168.2.80 dst-port=80
protocol=tcp src-address=192.168.2.0/24
add action=masquerade chain=srcnat out-interface-list=WAN
add action=dst-nat chain=dstnat comment=“Web for test” dst-address=
1.1.1.1 dst-port=80 protocol=tcp to-addresses=192.168.2.80 to-ports=
92
Hope someone has an idea where the problem is Thanks!

You posted only part of your config, so I can’t tell for sure, but the usual problem is when routing is marked for some packets, they no longer use main routing table and then don’t see even locally connected networks. Solution is to either exclude something from marking, or use routing rules to lookup local networks only in main routing table.

Which part should I put in order for the problem to be understood?

If you’re not sure, whole config is good choice. But if it’s what I think, “/ip route” and “/ip firewall mangle” could be enough.