Proper NAT Loopback on Mikrotik

How to give a Mikrotik router proper NAT Loopback (also called NAT Hairpin). This guide shows the IPv4 firewall rules needed.

Default

You must already have the default defconf: masquerade rule, which provides basic NAT for the LAN.

LAN NAT

Add a LAN-to-LAN NAT rule. This lets a LAN host reach another LAN host through the WAN IP: without it the server would answer the client directly from its private address, and the client would drop the reply because it does not match the connection it opened.

/ip firewall nat add chain=srcnat src-address=192.168.0.0/16 dst-address=192.168.0.0/16 action=masquerade comment=loopback

Be sure to change the address to your current LAN subnet.

Address List

Port forwarding rules usually match on the interface list WAN or on the interface name pppoe-out1. Traffic arriving on those interfaces is forwarded, but traffic from the LAN never arrives on them, so it never matches. To handle it we match on a firewall address list instead.

PPP UP

# on-up script of the PPP profile used by the WAN PPPoE client
# $"local-address" is the address assigned to our side of the link
:global pppLocalIP $"local-address"
:local ifName [/interface get $interface name]
# drop any stale entry for this interface before adding the new one
/ip firewall address-list remove [find list=this_ipv4 comment=$ifName]
/ip firewall address-list remove [find list=this_ipv4 comment=$interface]
/ip firewall address-list add list=this_ipv4 address=$pppLocalIP comment=$ifName

PPP DOWN

# on-down script of the same PPP profile: remove the entry when the link drops
:local ifName [/interface get $interface name]
/ip firewall address-list remove [find list=this_ipv4 comment=$ifName]
/ip firewall address-list remove [find list=this_ipv4 comment=$interface]

The address list this_ipv4 now acts as a placeholder that always refers to the current WAN IP address.

Update Port Forward

Now change the in-interface-list or in-interface matcher of each port forward rule to dst-address-list=this_ipv4.

Keep the loopback rule below the defconf: masquerade rule.
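The complete rule set described above, as an added example that is not part of the original post. The LAN subnet 192.168.88.0/24, the server 192.168.88.10 and port 8080 are placeholders; the address list this_ipv4 is the one maintained by the PPP scripts.

```routeros
# Added example (not from the original post). 192.168.88.0/24, 192.168.88.10
# and port 8080 are placeholders; replace them with your own LAN and server.

# 1. srcnat: default masquerade first, hairpin (LAN-to-LAN) rule below it
/ip firewall nat
add chain=srcnat out-interface-list=WAN action=masquerade comment="defconf: masquerade"
add chain=srcnat src-address=192.168.88.0/24 dst-address=192.168.88.0/24 action=masquerade comment=loopback

# 2. dstnat: match on the WAN address list instead of the WAN interface,
#    so the same rule also matches LAN clients that connect to the public IP
add chain=dstnat dst-address-list=this_ipv4 protocol=tcp dst-port=8080 action=dst-nat to-addresses=192.168.88.10 to-ports=8080 comment="web hairpin"

# If the WAN has a static address instead of PPP, add it to the list once
# (203.0.113.10 is a placeholder):
# /ip firewall address-list add list=this_ipv4 address=203.0.113.10 comment=static-wan

# Verify: the counters of both rules should increase when a LAN host
# connects to the public IP on port 8080
/ip firewall nat print stats where comment~"loopback|web hairpin"
```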

Bonus

Recent Mikrotik RouterOS releases support Full Cone NAT, for UDP only. This allows proper peer-to-peer connections, which helps in many cases. Note that a full cone mapping accepts packets from any external host once a LAN host has opened it, so it is less restrictive than the default NAT behaviour.

/ip firewall nat add chain=srcnat protocol=udp out-interface-list=WAN action=endpoint-independent-nat
/ip firewall nat add chain=dstnat protocol=udp in-interface-list=WAN action=endpoint-independent-nat

BitTorrent and online games take advantage of this, allowing peers or players to connect directly!
