If I heard right, he says that I'm finished if I do have a static public IP
Try watching further the entire video, it needs the port forward rules creating PROPERLY to work.
He / I am quite sure if done properly it will work.
I don't get how an address list can help with hairpin. I did as he shows with the address list, but it won't work. For example, if I try to telnet 192.168.1.201 --> 192.168.1.203:2222 it works, then if I try 192.168.1.201 ---> 88.x.x.142(public ip):2222 it won't work, so I think that the DNS stuff has nothing to do with this
DNS has nothing to do with this. Stop getting hung up on it, you're clearly not understanding the key elements here.
You need the first rule to masquerade anything from your LAN to 1.203:2222
Then you need a port forward rule to push anything destined for your WAN IP (note NOT your WAN interface) to 1.203:2222
Don't use in-interface as that breaks it severely in this scenario as packets may be coming from either LAN or WAN
Address list is used to resolve the WAN hostname (if dynamic) so that dst-address-list can be used to help tighten the rules down; if you have a static WAN IP, use that instead of dst-address instead.
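A simplified model of the two rules described in the post above, added here as an illustration (not part of the original thread and not RouterOS code): it traces where the reply appears to come from with and without the masquerade rule, and what an in-interface matcher does to the port forward. The WAN address 203.0.113.10 and the router LAN address 192.168.1.1 are constructed placeholders.

```python
# Simplified model of hairpin NAT; not RouterOS code. Addresses other than
# 192.168.1.201 and 192.168.1.203:2222 are constructed placeholders.
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")
WAN_IP = "203.0.113.10"        # placeholder for the static public IP
ROUTER_LAN_IP = "192.168.1.1"  # assumed router LAN address
SERVER = ("192.168.1.203", 2222)


def in_lan(ip):
    return ipaddress.ip_address(ip) in LAN


def connect(client, masquerade=True, dstnat_in_interface=None):
    """Trace one connection from client (ip, port) to WAN_IP:2222.

    Returns the (ip, port) the client sees the reply coming from, or None if
    the dst-nat rule never matched. The client only accepts (WAN_IP, 2222).
    """
    src = client
    arrived_on = "lan" if in_lan(client[0]) else "wan"

    # dstnat: matches on destination address; an in-interface matcher would
    # restrict it to packets arriving on that one interface.
    if dstnat_in_interface not in (None, arrived_on):
        return None
    dst = SERVER

    # srcnat: masquerade LAN sources heading to the server.
    if masquerade and in_lan(src[0]) and dst == SERVER:
        src = (ROUTER_LAN_IP, src[1])

    # The server answers whatever source address it saw.
    reply_src, reply_dst = dst, src
    if in_lan(reply_dst[0]) and reply_dst[0] != ROUTER_LAN_IP:
        # Same subnet: the reply goes straight to the client over the LAN,
        # never passing the router, so nothing rewrites its source.
        return reply_src
    # Reply passes the router; connection tracking undoes both translations.
    return (WAN_IP, 2222)


def client_accepts(seen_from):
    # A TCP client drops replies that do not come from the peer it dialled.
    return seen_from == (WAN_IP, 2222)
```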
That was clearly the problem: I missed that part about the destination IP, and it's quite logical.
Thank you! Now from LAN I can resolve with my external IP, BUT now I can't reach it from an external network. I have added the rules in mangle as Sob said, and it gets stuck on phase 2; phase 3 won't appear. It looks like the router makes some kind of loop inside. Step 2 says:
ClientExternalIP:someport -> 192.168.1.203:2222, NAT
ClientExternalIP:someport -> (routerExternalIP:2222->192.168.1.203:2222),len52
If I get it right, in phase 3 when 192.168.1.203 tries to respond, it searches for routerExternalIP:2222 and my rule:
add action=dst-nat chain=dstnat dst-address=routerExternalIP dst-port=2222 \
says go to 192.168.1.203 and we get looped?