My hairpin setup has always worked. Yesterday we installed a MikroTik behind a Verizon Fios modem/router and it did not work. We put the MikroTik in the DMZ of the Verizon. We can VPN to it, it's just the hairpin that doesn't work. I think the Verizon is somehow affecting the hairpin. We have never had an issue before. Here is our hairpin setup:
It sounds like the public address is on the other router. In that case, your dstnat rule can't work, because it's looking for packets destined to a local address. And if the public address is somewhere else, it's not local.
You'll need another dstnat rule with dst-address=<your public address> instead of dst-address-type=local. That would be a problem for dynamic addresses, but it's solvable if you put your dynamic hostname in an address list, let RouterOS resolve it and use dst-address-list=<list with your hostname>.
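The address-list approach from the reply above, written out as RouterOS commands. This is an added example, not configuration posted by anyone in the thread; the hostname `router.example.net`, the list name `wan-public`, the LAN subnet `192.168.88.0/24`, the server `192.168.88.10` and TCP port 443 are all assumed placeholders.

```routeros
# Added example. All addresses, names and ports are assumed placeholders.

# 1. Put the dynamic hostname in an address list. RouterOS resolves it
#    (the router needs a working DNS server under /ip dns) and keeps the
#    resolved address as a dynamic entry in the same list.
/ip firewall address-list
add list=wan-public address=router.example.net \
    comment="public address held by the upstream router"

# 2. dstnat rule that matches the public address through the list instead
#    of dst-address-type=local. LAN clients connecting to the public
#    address hit this rule, because that address is not local to the
#    MikroTik when it sits in the upstream router's DMZ.
/ip firewall nat
add chain=dstnat dst-address-list=wan-public protocol=tcp dst-port=443 \
    action=dst-nat to-addresses=192.168.88.10 to-ports=443 \
    comment="port forward matched on public address list"

# 3. Hairpin srcnat: LAN clients reaching the LAN server are masqueraded
#    so the server replies through the router, not directly to the client.
add chain=srcnat src-address=192.168.88.0/24 dst-address=192.168.88.10 \
    protocol=tcp dst-port=443 action=masquerade \
    comment="hairpin for LAN clients"

# 4. Check that the hostname resolved to the expected public address
#    before testing from a LAN client.
/ip firewall address-list print where list=wan-public
```

The existing dst-address-type=local rule stays in place for connections arriving from the upstream router, which are addressed to the MikroTik's own WAN-side address. Keeping the new rule limited to one protocol and port means only the requested service is exposed through the list match.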
You may be right! I forgot that I used an internal IP address for the camera system, so that's why it was working.
Can you help me figure out a way to make it work? A lot of times we have to put the MikroTik behind the client's router in the DMZ zone because the client's router can't be bridged. We have no other option. I don't like to forward ports, but sometimes the clients request it. When we do, we need the hairpin to work.