Redirect all traffic to the LAN webserver

RouterOS Beginner Basics
1

Hi, I know this has been asked many times, but I’m not making it to work by following other recommendations found at this forum


In a new fresh installed hAP lite router, I’m trying to redirect all the traffic from my web browser(port 80 & 443) to the raspberry webserver

I have just two clients in the dhcp

[admin@MikroTik] > ip dhcp-server lease print
Flags: X - disabled, R - radius, D - dynamic, B - blocked 
 #   ADDRESS             MAC-ADDRESS       H SE.. R STATUS  LAST-SEEN            
 0 D 192.168.89.253      B8:27:EB:43:B0:86 r de..   bound   4m38s  <- raspberry pi with the webserver     
 1 D 192.168.89.254      74:E5:F9:46:64:87 D de..   bound   4m53s <- my pc

Web proxy is disabled
No rules in the proxy access

NAT rules

[admin@MikroTik] /ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic 
 0    ;;; defconf: masquerade
      chain=srcnat action=masquerade out-interface-list=WAN 
      ipsec-policy=out,none

Filter rules

[admin@MikroTik] /ip firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic 
 0  D ;;; special dummy rule to show fasttrack counters
      chain=forward action=passthrough 

 1    ;;; defconf: accept established,related,untracked
      chain=input action=accept connection-state=established,related,untracked 

 2    ;;; defconf: drop invalid
      chain=input action=drop connection-state=invalid 

 3    ;;; defconf: accept ICMP
      chain=input action=accept protocol=icmp 

 4    ;;; defconf: accept to local loopback (for CAPsMAN)
      chain=input action=accept dst-address=127.0.0.1 

 5    ;;; defconf: drop all not coming from LAN
      chain=input action=drop in-interface-list=!LAN 

 6    ;;; defconf: accept in ipsec policy
      chain=forward action=accept ipsec-policy=in,ipsec 

 7    ;;; defconf: accept out ipsec policy
      chain=forward action=accept ipsec-policy=out,ipsec 

 8    ;;; defconf: fasttrack
      chain=forward action=fasttrack-connection 
      connection-state=established,related 

 9    ;;; defconf: accept established,related, untracked
      chain=forward action=accept 
      connection-state=established,related,untracked 

10    ;;; defconf: drop invalid
      chain=forward action=drop connection-state=invalid 

11    ;;; defconf: drop all from WAN not DSTNATed
      chain=forward action=drop connection-state=new 
      connection-nat-state=!dstnat in-interface-list=WAN

I have tried these:
http://forum.mikrotik.com/t/how-to-forward-all-wifi-traffic-to-web-server/75343/1
http://forum.mikrotik.com/t/redirecting-traffic/74199/6
http://forum.mikrotik.com/t/redirect-all-traffic-from-a-spesific-ip-number-to-a-web-page/79956/1
Even this
https://wiki.mikrotik.com/wiki/Manual:IP/Proxy#Transparent_proxy_configuration_example

with no success.. I’m still able to browse to http://example.com and should be redirecting to the raspberry webserver
If I access the 192.168.88.253 from the browser it loads, so the pi is not the issue

I don’t understand what I’m doing wrong, appreciated is any help
thank you

Is there a simple way to hang a virtual "Out of order" sign?
2

Have you tried the following configuration:

/ip firewall nat
add action=dst-nat chain=dstnat to-addresses=192.168.89.253 src-address=192.168.89.0/24 protocol=tcp dst-port=80,443
3

This is actually what have worked for me, in case someone face this same issue

/ip firewall nat
add chain=dstnat protocol=tcp dst-port=80 action=dst-nat to-addresses=192.168.89.253 to-ports=80
add chain=dstnat protocol=tcp dst-port=443 action=dst-nat to-addresses=192.168.89.253 to-ports=443

/ip dns static
add name=www.mywifi.com address=192.168.89.253

/ip firewall nat
add chain=srcnat src-address=192.168.89.0/24 dst-address=192.168.89.253 action=masquerade