I've got an RB750 with pretty much the default config. I've got it updating dyndns fine but I'd now like to add a redirect when I try that myhostname.dyndns.org from lan it resolves.

in this case you have to set up '/ip dns' to allow remote requests and add static entry of your host-name to return your internal address. Other way you get outside address (as expected) and then this gets lost in NAT. Therefore you have to add that dns entry, so you get forwarded correctly. Or you should create DMZ for server you want to access.

Yes, I tried this with dns, but this redirects all traffic to dyndns.org to the lan ip which is not what I wanted. I just want myhostname.dyndns.org to redirect.

I've a few services running and I do not wish to use dmz as it creates security issues, I'd rather have it natted behind a firewall.

Pog,

Are you sure name resolution is the problem? Check out the wiki article on hairpin nat.

http://wiki.mikrotik.com/wiki/Hairpin_NAT

I've a few services running and I do not wish to use dmz as it creates security issues, I'd rather have it natted behind a firewall.

What do you mean by DMZ? SoHo routers refer to unconditional port forwarding to a LAN machine as a DMZ. In more advanced networks DMZ refers to a third network other than WAN and LAN, where hosts run services accessible to the Internet at large. Running this in a different network further protects the LAN network: hosts in the DMZ are exposed to the Internet and may be under attach. If breached this doesn't gain the attached access to the LAN network as a firewall doesn't permit DMZ hosts to establish new connections to the LAN. A real DMZ doesn't preclude NAT in any way, and is a LOT more secure than port forwarding to the internal network.

I've a few services running and I do not wish to use dmz as it creates security issues, I'd rather have it natted behind a firewall.

What do you mean by DMZ? SoHo routers refer to unconditional port forwarding to a LAN machine as a DMZ. In more advanced networks DMZ refers to a third network other than WAN and LAN, where hosts run services accessible to the Internet at large. Running this in a different network further protects the LAN network: hosts in the DMZ are exposed to the Internet and may be under attach. If breached this doesn't gain the attached access to the LAN network as a firewall doesn't permit DMZ hosts to establish new connections to the LAN. A real DMZ doesn't preclude NAT in any way, and is a LOT more secure than port forwarding to the internal network.

Sorry, I should have been more specific. Its a pc (Win 7) my son has that We use as the household media server box, I've sabnzb, utorrent, sickbeard and couchpotato running on my own user account. My son also has a user account on the same box and uses it as his pc, therefore I'd rather not dmz it as it leaves the pc exposed with his admin account in the dmz.

I have many browser login pages and apps on my phone that I'd like to be able to connect to the box both on lan and when out and about with the same dyndns hostname without having to use the local ip when on lan

Pog,

Are you sure name resolution is the problem? Check out the wiki article on hairpin nat.

http://wiki.mikrotik.com/wiki/Hairpin_NAT

That looks like it could be what's happening, but the problem is i need this working for a few devices, my laptop, another laptop and a phone.