If I understood it correctly... Your WLAN IP is 192.168.4.1 and your DHCP pool is 192.168.4.2-192.168.4.254. You want to redirect traffic coming from your LAN to a host that is located in the same subnet (192.168.4.244). I suggest you connect your server to a different interface and subnet (ex: servers on 192.168.3.0/XX on etherX) and do not bridge WLAN and EtherX. You will not be able to dst-nat your traffic to the same subnet. I hope this helps you.
One more thing: if your server is also wirelessly connected, you can create a virtual AP and assign it to a different subnet and finally connect your server to this subnet. If you can, post an image of your network topology.
/ip fi fi pr
/ip fi nat pr
If your server is also wirelessly connected, you can create a virtual AP and assign it to a different subnet and finally connect your server to this subnet.
I second ochaconm's suggestion - probably you missed something in your configuration when attempting it.
Hey, thanks for answering. I tried your way but it isn't working. However, if I connect to wlan and host my website from a laptop connected to the same wlan, I can access it. But it isn't happening with the dst-nat rule.
PS: I am not connected to DNS; can that be a problem? But if I put in the IP address of the laptop hosting the website, it can access the site. So is not being connected to DNS a problem or not?
/ip firewall nat add chain=srcnat dst-address=192.168.4.244 src-address=192.168.4.0/24 action=masquerade
I have a server on 192.168.4.253. I want to redirect all those connected to the 192.168.4.0 and 192.168.5.0 networks to this address. Also, as you said earlier, if this is not possible, how can I put the server on the ether network 192.168.2.0 and redirect to this server? I want a captive portal on wlan1 and wlan2; both are access points and wlan2 is a virtual access point.
Change the netmap action to dstnat - dstnat is stateful and will automatically translate the replies from your webserver. netmap will not do this, and that's why things are broken.
I put this rule in the NAT table. But then when I connected my mobile to the 192.168.4.0 network and tried to access Facebook, it didn't redirect me to my server; it just said page cannot be reached. To reach the server I have to put in its IP.
I'd say to do this on your dstnat rule:
protocol=tcp
dst-port=80
src-address= [!] ip.of.server
action=dst-nat
to-address=ip.of.server
(check the ! box, which means "not")
So in English, this rule says: For all TCP packets whose destination port is 80 and whose source IP is not the special server, change the destination address to the special server.
/ip firewall nat
Re-post your nat chains:
/ip firewall nat export
okay - first thing - packet marks are usually not used for NAT... There are some ways you might do packet marking to drive NAT, but that's pretty rare, and not necessary for what you want to do.
I'm going to assume that the http site you're redirecting to is still hosted on 192.168.4.253...... so here is what the rules should look like:
/ip firewall nat
add action=masquerade out-interface=ether1-gateway
add action=masquerade dst-address=192.168.4.0/24 src-address=192.168.4.0/24
add action=dst-nat dst-port=80 protocol=tcp src-address=!192.168.4.253 to-addresses=192.168.4.253
That's all you need.
It's not working
okay - first thing - packet marks are usually not used for NAT... There are some ways you might do packet marking to drive NAT, but that's pretty rare, and not necessary for what you want to do.
I'm going to assume that the http site you're redirecting to is still hosted on 192.168.4.253...... so here is what the rules should look like:
/ip firewall nat
add chain=srcnat action=masquerade out-interface=ether1-gateway
add chain=srcnat action=masquerade dst-address=192.168.4.0/24 src-address=192.168.4.0/24
add chain=dstnat action=dst-nat dst-port=80 protocol=tcp src-address=!192.168.4.253 to-addresses=192.168.4.253
That's all you need.
EDITED to put the chain in there - whoops.
I also want any device in the .5.x network to go to my server at 192.168.4.253 irrespective of what website they want to go to.
Whoops - I forgot to specify the chain in my rules.
You do not need a rule for 192.168.5.0/24
These rules are the only ones you need.
Rule 1: standard, everyday old-fashioned "NAT when going out to the Internet" rule
Rule 2: "hairpin rule" - if redirecting from 192.168.4.X hosts to a destination of 192.168.4.253, then you need this rule so that the replies from 4.253 will be sent to the router to get mapped back to whatever reply IP the original 4.X host was expecting.
Rule 3: this rule redirects port 80 to go to 4.253 for any possible destination, unless the request is actually coming from 4.253 itself.
You do not need any more rules than this to do what you've specified: redirect ALL web to 4.253 and allow it to work from 4.x network.
(5.x network does not require hairpin NAT since it's in a different network entirely from 4.x)
Thanks. I know. I also want any device in the .5.x network to go to my server at 192.168.4.253 irrespective of what website they want to go to.
PS: how does the router use these tables? Does it use all the rules and then send packets, or does it send the packet once it finds a rule correct?
The three rules I gave you will do that.
Rule #3 does not care what IP addresses are used, except that the source is NOT 192.168.4.253.
The way rule chains work in Mikrotik is that a packet is compared to each rule in order from first until last.
Every condition on the rule MUST be true in order for the rule to match.
If the rule is a match, then the action is done, and the packet leaves the chain (no more rules are checked).
If the rule is not a match, then it continues until the end of the chain.
If no rules match, then the packet will be accepted (filter table default) and will not have any nat actions performed on it (nat table default).
Different chains are used in different parts of the flow of packets - the full picture is shown in the RouterOSv6 Packet Flow Diagram.
Simplified version is this:
input chain = packets to the Router itself
output chain = packets the router generates itself
forward chain = packets flowing through the router - i.e. neither the source nor the destination is the router itself.
srcnat = done after forwarding decisions are made / forward filter
dstnat = done before forwarding decisions are made / forward filter
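The three NAT rules and the first-match chain behaviour described in this thread, modelled as an added example (not code from any poster, and not RouterOS itself). The wlan1/wlan2 interface layout, the 192.168.5.1 and 203.0.113.2 router addresses, and the dict key names are assumptions made for the illustration.

```python
import ipaddress

# Assumed interface addresses: 192.168.4.1 is from the thread, the other two are constructed.
ROUTER_IP = {"wlan1": "192.168.4.1", "wlan2": "192.168.5.1", "ether1-gateway": "203.0.113.2"}
CONNECTED = {"192.168.4.0/24": "wlan1", "192.168.5.0/24": "wlan2"}  # assumed interface layout

# Hypothetical dict form of the three rules; the key names are not RouterOS syntax.
DSTNAT = [{"proto": "tcp", "dport": 80, "src": "!192.168.4.253",
           "action": "dst-nat", "to": "192.168.4.253"}]                          # rule 3
SRCNAT = [{"out_if": "ether1-gateway", "action": "masquerade"},                  # rule 1
          {"src": "192.168.4.0/24", "dst": "192.168.4.0/24",
           "action": "masquerade"}]                                              # rule 2 (hairpin)

def matches(rule, pkt):
    """Every condition must be true; a leading '!' negates an address condition."""
    for key, want in rule.items():
        if key in ("action", "to"):
            continue
        if key in ("src", "dst"):
            negate, net = want.startswith("!"), want.lstrip("!")
            inside = ipaddress.ip_address(pkt[key]) in ipaddress.ip_network(net)
            if inside == negate:
                return False
        elif pkt[key] != want:
            return False
    return True

def first_match(chain, pkt):
    """Check rules in order; the first match wins and no later rule is consulted."""
    return next((rule for rule in chain if matches(rule, pkt)), None)

def route(dst):
    """Pick the outgoing interface: connected subnets first, otherwise the gateway."""
    for net, iface in CONNECTED.items():
        if ipaddress.ip_address(dst) in ipaddress.ip_network(net):
            return iface
    return "ether1-gateway"

def translate(src, dst, dport=80):
    """Return (src, dst) as the packet leaves the router."""
    pkt = {"src": src, "dst": dst, "proto": "tcp", "dport": dport, "out_if": None}
    rule = first_match(DSTNAT, pkt)            # dstnat: before the forwarding decision
    if rule:
        pkt["dst"] = rule["to"]
    pkt["out_if"] = route(pkt["dst"])
    rule = first_match(SRCNAT, pkt)            # srcnat: after the forwarding decision
    if rule:
        pkt["src"] = ROUTER_IP[pkt["out_if"]]  # masquerade uses the out-interface address
    return pkt["src"], pkt["dst"]
```

Calling `translate` with `dport=443` shows that the redirect rule only matches port 80, so HTTPS requests leave through the gateway unredirected.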