port forwarding :/

Super simple case, strugglig to get it working after resetting configuration, no idea why.

adding a following rule

/ip firewall nat add chain=dstnat dst-port=80 action=dst-nat protocol=tcp to-address=192.168.1.10 to-port=80

not only does not work (tried from both inside of a network and outside) but also breaks any (non-https) web browing from inside of the network.

IP address of the router is 192.168.1.1, web server IP address is 192.168.1.10.

Configuration is almost default, just added some static DHCP leases and changed service ports.

Full configuration (I xxx-ed parts which I considered private) is available at https://pastebin.com/F8ipEW8e. The rule I am trying to add is disabled.

Thanks to everyone for suggestions. Cheers.

You’re telling router to take packets to :80 and redirect them to 192.168.1.10:80, so that’s what you get.

Add “dst-address-type=local dst-address=!192.168.1.1” to your rule and it will work. First part limits original destination to only addresses owned by router, so it won’t longer catch everything to any address on internet. Second part excludes router’s internal address (in case you use WebFig from LAN).

Your rule does not indicate which interface is traversed to get to your web server?
/ip firewall nat
add chain=dstnat protocol=tcp dest-port=80 comment=“My Web Server”
in-interface=wan action=dstnat to-addresses=192.168.1.10