As soon as I add that to the MK, outbound webbrowsing breaks. Not only that, I cannot Winbox in or SSH in to the router, but previous logins stay alive. If I disable the line it still breaks webbrowsing. I have to remove the line, then everything functions again.
Nothing else it setup on the box, except internal DHCP server. The external is on a cable modem and is also set to DHCP.
I have a temp fix in for the port 80 forward by declaring dst-address=69.x.x.x (My outside IP). But the IP is on DHCP and tough it rarely changes, I would like the box to be dynamic.
My favorite fix:
/ip dhcp-server lease
print
make-static X
where X is the line number of the lease for your server. The server will always get that ip when it requests one, and will not be issued to anyone else.
Your temp fix is actually one of the real fixes. Your NAT rule was way too general, so it basically read as, any connection that goes through the router with a dst-port of 80, redirect to this IP. This includes all LAN and WAN traffic, hence why it broke your web browsing. You could also specific an in-interface if you don’t want to specify your public in case it is a DHCP one that may change.
You need to be careful of not only the order of your rules, but how general or specific they are. If they are too general they will match more than you want them to do, if they are too specific they will not match everything that you want them to.
