I am having an issue with one of my web servers that I am hosting at home. The server is at 192.168.1.4. everything has been working fine for weeks, then Sunday, I lost the ability to reach it from outside of my network. I could get to it from inside my network with the IP of the server, with my public IP, and with the domain name. I fought it for a while and couldn’t get anything figured out, but I had been working on setting up another linux machine earlier that day, so I shut it off just to be sure. at that point, it started working. last night, it dropped again where I can access it from inside my network with the internal address, my external address, and the domain name, but I can not get it from outside again. I hope someone can spot my issue because I am completely lost.
/interface bridge
add arp=proxy-arp fast-forward=no name="Mesh Bridge"
add admin-mac=B8:69:F4:0A:F2:DB arp=proxy-arp auto-mac=no comment=defconf name=bridge
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.1.2-192.168.1.254
add name=Mesh ranges=10.10.10.2-10.10.10.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
add address-pool=Mesh disabled=no interface="Mesh Bridge" name="Mesh DHCP server"
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge="Mesh Bridge" comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=sfp1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/interface sstp-server server
set authentication=mschap2 certificate=CA enabled=yes
/ip address
add address=192.168.1.1/24 comment=defconf interface=ether2 network=192.168.1.0
add address=160.7.249.40/24 interface=ether1 network=160.7.249.0
add address=10.10.10.1/24 interface=ether3 network=10.10.10.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=ether1
/ip dhcp-server lease
add address=192.168.1.6 client-id=1:0:15:17:7b:67:ae comment="Main Desktop" mac-address=00:15:17:7B:67:AE server=defconf
add address=192.168.1.4 comment="UTMesh Web Server" mac-address=00:15:17:28:16:7B server=defconf
add address=192.168.1.5 client-id=1:b8:27:eb:e0:13:7 mac-address=B8:27:EB:E0:13:07 server=defconf
add address=192.168.1.7 client-id=1:b8:27:eb:dd:57:e9 mac-address=B8:27:EB:DD:57:E9 server=defconf
/ip dhcp-server network
add address=10.10.10.0/24 comment="Mesh Network" gateway=10.10.10.1 netmask=24
add address=192.168.1.0/24 comment=defconf gateway=192.168.1.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=160.7.240.4,160.7.240.20
/ip dns static
add address=192.168.1.1 name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=accept chain=forward dst-address=160.7.249.40 dst-port=443 protocol=tcp
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input dst-address=160.7.249.40 src-address=160.7.240.0/24
add action=accept chain=input dst-address=160.7.249.40 src-address=67.199.160.0/24
add action=drop chain=input comment="defconf: drop all from WAN" in-interface=ether1
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat comment="Node Map Server NAT" dst-address=160.7.249.40 dst-port=82 protocol=tcp to-addresses=192.168.1.5 to-ports=80
add action=masquerade chain=srcnat comment="Node Map Server Hairpin" dst-address=192.168.1.5 dst-port=80 out-interface=bridge protocol=tcp src-address=192.168.1.0/24
add action=dst-nat chain=dstnat comment="UTMesh Web Server Nat" dst-address=160.7.249.40 dst-port=80 protocol=tcp to-addresses=192.168.1.4 to-ports=80
add action=masquerade chain=srcnat comment="UTMesh webserver hairpin" dst-address=192.168.1.4 dst-port=80 out-interface=bridge protocol=tcp src-address=192.168.1.0/24
add action=dst-nat chain=dstnat comment="Mesh Tunnel port opening" dst-port=5525 protocol=tcp to-addresses=10.10.10.3 to-ports=5525
/ip route
add distance=1 gateway=160.7.249.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www port=88
set ssh disabled=yes
set api disabled=yes
set winbox disabled=yes
set api-ssl disabled=yes
/ppp secret
add local-address=192.168.1.1 name=Jake remote-address=192.168.1.250 service=sstp
/system clock
set time-zone-name=America/Denver
/system routerboard settings
set silent-boot=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN