Hairpin NAT - the harder way needed

ADMINS! PLEASE APPROVE THE POST! I cannot message anyone to tell them that my posts have been awaiting approval for days. - Thank you! :slight_smile:

Hello to Everyone!

I am new to MikroTik. I bought a hAP ax² 1-2 weeks ago. Before that I used a TP-Link 1043ND, so I would like to use the MikroTik the way I used the old router.

I have a NAS (192.168.1.200, LAN), a PC (192.168.1.2, LAN) and some smart devices over WiFi. The router is 192.168.1.1.
WAN port, let's say: 92.68.34.83 (examplehost.net)

The Synology NAS sets its port forwards via UPnP into the router's firewall NAT table (IMAP, SMTP, WEB, FTP, etc.).
There are manual port forwards set for the PC (remote access and passive remote support), and UPnP-set ports for software.

I have seen so many solutions for reaching a service on the LAN from the LAN by referring to the host/IP on the WAN side of the router. None of them makes it possible to use the existing port-forwarding rules in the NAT table and add a preparatory rule that then passes the packets on to those rules, so that everything works as on a standard router.
With the old router I had to enable UPnP, set a manual port range for passive FTP, and use DMZ for everything else to the PC (software firewall).
Referring to the IMAP server (on the NAS) from the LAN worked. Accessing every service from the WAN worked.

So I know how to manually set up each and every port forward to work from LAN to LAN through the WAN IP (92.68.34.83:993 for example), but I do not want a step back from what I had previously.
Not to mention that if something changes on the NAS, or on any device on the LAN, I do not want to have to change settings on the router manually too.

Now, the manual (non-)solution (by Steveocee) is:

/ip firewall address-list
add address=examplehost.net list=WAN-IP

/ip firewall nat
add action=masquerade chain=srcnat comment="HAIRPIN NAT" dst-address=192.168.1.0/24 src-address=192.168.1.0/24
add action=dst-nat chain=dstnat comment="NAS - IMAP" dst-address-list=WAN-IP dst-port=993 protocol=tcp to-addresses=192.168.1.200 to-ports=993

So this way I have to set rules that have the ports in them, but I already have those rules, set by the devices via UPnP.

The DMZ thing is not so urgent. If you can help with that too, it would be nice! :slight_smile:
I forwarded ports 1-65535 to the PC's IP, but had to make that rule the last one. BUT... UPnP rules are dynamic, and over time they end up last, and boom: none of the services work under the "DMZ" forward. I would like to forward everything EXCEPT the ports that already have a rule.

Please help me solve these two problems, so I can use the router as I did with the TP-Link 1043ND!

Thank You!

Zsolt
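The two problems in the post (a catch-all "DMZ" forward that ends up ahead of the UPnP rules, and LAN clients reaching the NAS through the WAN address) both come down to how a NAT chain is evaluated. The following is an added example, written for this page and not part of the original post or of RouterOS: a small Python model of a dstnat chain where the first matching dst-nat rule wins, plus the srcnat "hairpin" masquerade, run over the addresses from the post. The interface names (ether1, bridge) and the external client address 203.0.113.7 are constructed for the example; the model assumes forwards match on the WAN address only unless an in-interface is given.

```python
"""Toy model of first-match NAT evaluation for the hairpin / DMZ question.

Added example, not RouterOS code and not from the original post. It models two
facts a practitioner relies on: (1) a dstnat chain is evaluated top-down and the
first matching dst-nat rule wins, so a catch-all "DMZ" rule shadows every rule
placed after it, and (2) for a LAN host reaching a LAN server via the WAN IP the
server's reply must come back through the router, which is what the srcnat
masquerade ("hairpin") rule achieves. Addresses come from the post; interface
names and the external client address are assumptions made for this example.
"""
from dataclasses import dataclass, replace
from typing import List, Optional, Tuple

WAN_IP = "92.68.34.83"                       # WAN address from the post
ROUTER, NAS, PC = "192.168.1.1", "192.168.1.200", "192.168.1.2"
WAN_IFACE, LAN_IFACE = "ether1", "bridge"    # assumed interface names
EXTERNAL_CLIENT = "203.0.113.7"              # constructed Internet client


def in_lan(ip: str) -> bool:
    return ip.startswith("192.168.1.")       # 192.168.1.0/24 from the post


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class DstNatRule:
    comment: str
    to_address: str
    dport: Optional[int] = None          # None: any port (the "DMZ" catch-all)
    in_interface: Optional[str] = None   # None: matches on dst-address alone


def run_dstnat(rules: List[DstNatRule], pkt: Packet,
               in_iface: str) -> Tuple[Packet, Optional[str]]:
    """First matching rule rewrites the destination; later rules never run."""
    if pkt.dst != WAN_IP:
        return pkt, None
    for rule in rules:
        if rule.dport is not None and rule.dport != pkt.dport:
            continue
        if rule.in_interface is not None and rule.in_interface != in_iface:
            continue
        return replace(pkt, dst=rule.to_address), rule.comment
    return pkt, None


def run_srcnat(pkt: Packet, hairpin: bool) -> Packet:
    """Hairpin masquerade: LAN->LAN traffic gets the router's address as source."""
    if hairpin and in_lan(pkt.src) and in_lan(pkt.dst):
        return replace(pkt, src=ROUTER)
    return pkt


def deliver(rules: List[DstNatRule], pkt: Packet, in_iface: str,
            hairpin: bool = False) -> dict:
    """Push one SYN through dstnat and srcnat, then judge the server's SYN-ACK."""
    after_dnat, matched = run_dstnat(rules, pkt, in_iface)
    if matched is None:
        return {"rule": None, "target": None, "reply": "no dst-nat match"}
    seen_by_server = run_srcnat(after_dnat, hairpin)
    if seen_by_server.src == ROUTER or not in_lan(pkt.src):
        # Reply is addressed to the router (hairpin) or to the Internet
        # (default route); either way it passes back through conntrack.
        reply = "ok (reply returns via router)"
    else:
        # Server answers the LAN client directly with its private address,
        # but the client connected to WAN_IP, so the SYN-ACK is rejected.
        reply = "reply dropped (asymmetric: client expected " + WAN_IP + ")"
    return {"rule": matched, "target": after_dnat.dst, "reply": reply}


NAS_IMAP = DstNatRule("NAS - IMAP (UPnP or manual)", NAS, dport=993)
PC_DMZ = DstNatRule("DMZ - everything else to PC", PC)


def correct_order() -> List[DstNatRule]:
    return [NAS_IMAP, PC_DMZ]          # specific forwards first, catch-all last


def upnp_drifted_last() -> List[DstNatRule]:
    return [PC_DMZ, NAS_IMAP]          # the situation the post describes


if __name__ == "__main__":
    print(deliver(correct_order(), Packet(EXTERNAL_CLIENT, WAN_IP, 993), WAN_IFACE))
    print(deliver(upnp_drifted_last(), Packet(EXTERNAL_CLIENT, WAN_IP, 993), WAN_IFACE))
    print(deliver(correct_order(), Packet(PC, WAN_IP, 993), LAN_IFACE, hairpin=True))
    print(deliver(correct_order(), Packet(PC, WAN_IP, 993), LAN_IFACE, hairpin=False))
```

The last two calls show why the srcnat masquerade rule is required and not optional: with it, the NAS sees the router as the client and its reply flows back through the router's connection tracking; without it, the NAS answers the PC directly and the PC, which opened a connection to 92.68.34.83, drops the reply. The drifted-order run shows the DMZ problem: a port-less catch-all placed before a specific forward captures port 993 too, so any UPnP rule that lands after it can never match. A forward that also carries in-interface=ether1 (the typical WAN-only match) never fires for a packet arriving on the bridge, which is why per-port hairpin rules without an in-interface restriction are what the quoted solution adds.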