Webserver behind Routerboard

Replaced my 8 year old dlink router with a new RouterBoard running v6.38.5. Got it working, the wifi all set up and secured. The basics are all good to go.
So far I’ve read the hairpin nat wiki and a few other various posts.

Added 2 nat rules as it specified in the wiki, but the webserver is still being blocked over port 8080. The webserver is configured to run on both 80 and 8080. Using the local ip:80 it comes right up. The local ip:8080, nothing. It also runs a dynamic dns service, and is configured to point to my public ip:8080, since Cox doesn’t allow outbound port 80. Incoming 8080 traffic to my internet IP needs to be routed to the webserver on the 192 network, same port 8080.

I didn’t add the rules via the terminal (couldn’t copy-paste) so I just verified each setting in the webfig. For the Hairpin Nat settings it lists two “Add chain” entries, which I understand to be 2 separate rules? If not, that might be the issue.

Tried this rule first:
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=8080 in-interface=wan0 protocol=tcp to-address=192.webserver_ip to-ports=8080

I ignored the comment="" and disabled=no. Made sure that the rule had Enabled checked.
I don’t have wan0, so I selected ether1 from the dropdown, apparently some port names have changed in newer router os?
Anyway, this didn’t work. Then I read the Hairpin nat wiki. I believe it has 2 rules, the first being very similar to the above, with the addition of
dst-address=(my public ip)
and the removal of the
to-ports=8080
for the first rule, and what I believe to be a second rule of
add chain=srcnat out-interface=WAN action=masquerade
Again, no port called WAN so I selected ether1 which is connected to the cablemodem, added the second rule. Still no luck, even on the local ip:8080. I’ve tried it both with and without the to-ports setting. Doesn’t work either way.

There was a default rule already in place of srcnat, out-interface ether1 action=masquerade. Appears to be a duplicate of the second rule mentioned in the Hairpin wiki. I did also try that third rule mentioned later in the Hairpin wiki for srcnat with src-address and dst-address settings. Again, no change.

Any tips? I must be overlooking something.
Thanks,
GoodBoy

I’ve been doing more research, tweaking the nat rules. Still not working. Current config is

[admin@MikroTik] > ip firewall nat export

apr/26/2017 19:49:55 by RouterOS 6.38.5

software id = T5XA-V4CM

/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=ether1
add action=masquerade chain=srcnat comment="Hairpin Nat" dst-address=!192.168.0.1 src-address=192.168.0.0/24
add action=dst-nat chain=dstnat comment="8080 Forward to webserver" dst-address=!192.168.0.1 dst-address-type=local dst-port=8080 protocol=tcp to-addresses=192.168.0.200 to-ports=8080

I may be reading it wrong, but this sounds like http://192.168.0.200:80 works, but http://192.168.0.200:8080 does not… ? If that would be the case, then forwarding to 192.168.0.200:8080 would of course do nothing useful.

Yeah, turned out to be the webserver was not accepting traffic on 8080. It’s configured to do so, but after changing the to-port to 80 on the rule, started working.

Thanks :)
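
An added example, not part of any post in this thread: since the fault turned out to be on the webserver rather than in the NAT rules, this Python sketch reads an `/ip firewall nat` export, extracts each TCP dst-nat target, and checks from a LAN host whether anything accepts connections there. The function names are hypothetical, the sample export is the one posted above with its wrapped lines joined, and it assumes single to-addresses/to-ports values and that an omitted to-ports leaves the destination port unchanged.

```python
import re
import shlex
import socket

# Constructed sample: the NAT export from the thread, wrapped lines joined.
SAMPLE_EXPORT = '''/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=ether1
add action=masquerade chain=srcnat comment="Hairpin Nat" dst-address=!192.168.0.1 src-address=192.168.0.0/24
add action=dst-nat chain=dstnat comment="8080 Forward to webserver" dst-address=!192.168.0.1 dst-address-type=local dst-port=8080 protocol=tcp to-addresses=192.168.0.200 to-ports=8080
'''

def parse_dstnat_targets(export_text):
    """Return (comment, host, port) for every TCP dst-nat rule in the export."""
    # Exports wrap long lines with a trailing backslash plus indentation; undo it.
    joined = re.sub(r"\\\r?\n\s*", "", export_text)
    targets = []
    for line in joined.splitlines():
        line = line.strip()
        if not line.startswith("add "):
            continue
        fields = dict(t.split("=", 1) for t in shlex.split(line)[1:] if "=" in t)
        if fields.get("action") != "dst-nat" or fields.get("protocol") != "tcp":
            continue
        host = fields.get("to-addresses")
        # Assumption: with no to-ports, the original dst-port is kept.
        port = fields.get("to-ports") or fields.get("dst-port")
        if host and port and port.isdigit():  # ranges are skipped
            targets.append((fields.get("comment", ""), host, int(port)))
    return targets

def is_listening(host, port, timeout=2.0):
    """True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def check_forward_targets(export_text, probe=is_listening):
    """Probe each dst-nat target; run this from a host on the LAN side."""
    return [(c, h, p, probe(h, p)) for c, h, p in parse_dstnat_targets(export_text)]

if __name__ == "__main__":
    for comment, host, port, ok in check_forward_targets(SAMPLE_EXPORT):
        state = "listening" if ok else "NOT listening"
        print(f"{comment!r}: {host}:{port} -> {state}")
```

A target reported as not listening means the forward rule has nowhere to deliver traffic, whatever the NAT configuration says.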