Hello,

consider following infrastructure:

wan -> Mikrotik -> lan

on WAN interface, Mikrotik has external IP adress, say 81.1.1.1. It is used to provide wan access for all the lan clients.

now, we need to have one of lan servers directly accessible from wan. So we have another IP address, 81.1.1.2. We've added this address to Mikrotik, and setup new NAT rules -> DST NAT to 81.1.1.2 -> 10.0.0.2, and SRC NAT 10.0.0.2 -> 81.1.1.2.

This seems to work fine.. almost.

The other LAN clients cannot access the server by external IP address, that is by 81.1.1.2. I've tried to play around with interface setting on NAT rules, and in one of configurations, it made it possible to ping the server from inside lan by external IP address, but it still would not work in IP protocols.

What (obvious) mistake am I doing here?

Thank you!

Please, post configuration of /ip firewall nat export.

That is called hairpin NAT. Search the forums for workarounds. The most elegant solution in my opinion is split horizon DNS where you server a different zone to your inside clients so they contact the inside IP address directly.