Hi!
I have mopidy on one VLAN and my PC is on another one. Mopidy uses port 6680. I can connect via SSH to the server, but not over 6680. Looking for solution for different issue I found something. I modified command and this is not working... Something's missing? I tried chain=forward and chain=input.

Found a rootcause! So, my new question is why on Tomato the server could see I'm accessing it via DNS name and now it can see only I'm using IP even if I type 'music.lan' on webbrowser?

because music.lan is dynamically created DNS record by your tomato dnsmasq service. a feature of dnsmasq.

So that means on MT '/ip dns static' works like a redirection and "target" will not know what I type in address field? Also on Tomato I have the same static DNS records like now on MT.

I have something like this:
music.lan works with IP and name now (server is configured with IP only). But nextcloud I can access with 'nextcloud.lan' only - for IP it's showing untrusted domain warning. Part of it's config:

Passing name, with which client is trying to connect server (e.g. SNI), is the matter of application layer, it has nothing to do with router or firewall (which work on lower layers). So why mopidy client doesn't tell mopidy server it's trying to access "music.lan" is up to mopidy client. Your ordinary web browser, used to connect nextcloud.lan, clearly passes this info to nextcloud server.

The static DNS entry you configured into MT is not redirecting, it's just telling IP address to clients ... because clients need to know IP address of a server and having DNS service allows people to use names instead of (random) numbers (this became even more obvious with long IPv6 addresses).

But I tried to access to both services via webbrowser. On mopidy I have http interface and it was unaccessible untill I changed mopidy's config to IP.

If that's so then it seems mopidy doesn't seem to like being used with that particular name.

Does mopidy have any logs? Anything in them when you're unable to access mopidy using name?

But I was using this name when I used Tomato on my router. Now I can use this name again, but mopidy needs now IP in config. I'll check logs later.

... mopidy needs now IP in config.

Unless you configured web proxy on Mikrotik, it doesn't change payload of packets ... it can block them (firewall rules) or change source and destination IP address and/or port (NAT rules).
As I already wrote, it's client which includes server FQDN in application handshake (or not). So if you're not using MT as web proxy, then it's not MT "hiding" name of server that client wants to connect..

@webnoob Why don't set hostname to 0.0.0.0 (or ::) and it will listen on all interfaces? Then you don't need to worry about host IP changes (like using host name) unless you have multiple interfaces (excluding lo) and you want service to listen only on interface with IP 192.168.xxx.xxx.
Regarding hostname DNS issue, since static DNS entry is set into ROS DNS, are you sure that Mopidy host is using ROS DNS as primary resolver, can you ping music.lan from Mopidy host and is it matching host interface IP (can be set to different IP in hosts file)?