The laptop at 192.168.1.10 wants to communicate with the web server on 192.168.1.10 via the external IP address of the Mikrotik router at 220.127.116.11.
Say you have a service such as webmail, which has a nat rule to allow access from an external network...
/ip firewall nat add chain=dstnat action=dst-nat dst-address=18.104.22.168 protocol=tcp dst-port=888 to-port=80 to-address=192.168.1.10
This works fine of course, so users set up the shortcut to http://22.214.171.124:888
Problem is when they are on the internal network it doesn't work, because the Mikrotik router won't send the reply data back out the same interface. A work-around is to create a src-nat rule directly below the dst-nat rule like this.
/ip firewall nat add chain=srcnat action=masquerade src-address=192.168.1.0/24 dst-address=192.168.1.10
Goes something like this..
1. Client initiates http request to 126.96.36.199:888
2. MT receives and translates destination to 192.168.1.10 as per 1st rule
3. MT then translates the src address from 192.168.1.160 to 192.168.1.1 as per 2nd rule
4. Now communication appears to be between 192.168.1.160 and 192.168.1.1