I am trying to recreate an existing configuration to replace a fried router at a client site. I don’t have a backup, but do have some (vague/incomplete) notes from about 5 years back (so I’m guessing that was 6.x firmware era). I’ve dealt with MikroTik before a bit but “not my day job”… the client no longer deals with the people that did the original setup.
They have a subnet of static IPs routed to them (XXX.XXX.115.177 - XXX.XXX.115.190). LAN is 10.10.16.X.
The router is configured as XXX.XXX.115.177 and 10.10.16.1 respectively. General LAN traffic is NAT-ed and goes out to the internet through the router and is seen as XXX.XXX.115.177 to the outside world… this part is working fine. There are a certain number of machines both SRC and DST-NAT-ed; if I try to connect to the internet from one of them (.181 for example) I get out just fine and am seen as XXX.XXX.115.181 as I should be.
However, the problem arises if I try to access that IP inbound: I don’t seem to be getting where I need to be. Or, I suspect, more specifically not getting back out correctly. If I try to make an inbound connection and look at that connection, I see the following, which I think is showing that the traffic is coming in but that it’s trying to go back out wearing the XXX.XXX.115.177 IP rather than the XXX.XXX.115.181 IP that it should be (i.e. reply dst address).

This should be fairly simple but obviously somewhere along the line I’m missing one tiny thing… that probably equates to either way overthinking or way underthinking what I’m doing.
The replacement router is an RB750GL with 7.18.2 firmware, started with clean factory config including the firewall settings. Relevant clips from firewall/NAT as follows…
```
/ip firewall filter add action=drop chain=forward comment="defconf: drop all not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN2
/ip firewall nat add action=src-nat chain=srcnat comment="SRC-NAT - XXX.XXX.115.181 - Group DNS Server" dst-address-type=!local ipsec-policy=out,none src-address=10.10.16.181 to-addresses=XXX.XXX.115.181
/ip firewall nat add action=src-nat chain=srcnat comment="SRC-NAT - XXX.XXX.115.177 - NAT Default" dst-address-type=!local ipsec-policy=out,none to-addresses=XXX.XXX.115.177
/ip firewall nat add action=dst-nat chain=dstnat comment="TCP 53" dst-address=XXX.XXX.115.181 dst-port=53 protocol=tcp to-addresses=10.10.16.181 to-ports=53
/ip firewall nat add action=dst-nat chain=dstnat comment="UDP 53" dst-address=XXX.XXX.115.181 dst-port=53 protocol=udp to-addresses=10.10.16.181 to-ports=53
```
Appreciate your assistance!
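
As an added illustration (not part of the original post, and a simplified model rather than RouterOS code), the script below evaluates the srcnat rules as posted, first match wins, against an inbound connection that has already been dst-nat-ed, to show which rule produces a reply dst address of XXX.XXX.115.177. The client address 198.51.100.7, the `LAN` list name and the variant restricted to `out-interface-list=WAN2` are assumptions made for the example.

```python
# Simplified first-match model of the srcnat chain (added example, not RouterOS).
# Only src-address and out-interface-list are modelled; dst-address-type=!local
# and ipsec-policy=out,none are assumed to match (forwarded, non-IPsec traffic).

SRCNAT_AS_POSTED = [
    {"comment": "SRC-NAT - XXX.XXX.115.181 - Group DNS Server",
     "src-address": "10.10.16.181", "to-addresses": "XXX.XXX.115.181"},
    {"comment": "SRC-NAT - XXX.XXX.115.177 - NAT Default",
     "to-addresses": "XXX.XXX.115.177"},
]

# Hypothetical variant: the same rules, limited to traffic leaving via WAN2.
SRCNAT_WAN_ONLY = [{**r, "out-interface-list": "WAN2"} for r in SRCNAT_AS_POSTED]

def srcnat(rules, conn):
    """Return to-addresses of the first rule whose matchers all match, else None."""
    for rule in rules:
        if "src-address" in rule and rule["src-address"] != conn["src"]:
            continue
        if ("out-interface-list" in rule
                and rule["out-interface-list"] != conn["out-list"]):
            continue
        return rule["to-addresses"]
    return None

def reply_dst(rules, conn):
    """Reply dst address as connection tracking records it: the translated
    source if a src-nat rule fired, otherwise the original source."""
    return srcnat(rules, conn) or conn["src"]

CLIENT = "198.51.100.7"  # constructed outside client (documentation range)

# Inbound DNS query to XXX.XXX.115.181, seen in srcnat after dst-nat rewrote
# the destination; it leaves the router towards the LAN (list name assumed).
INBOUND_DNS = {"src": CLIENT, "dst": "10.10.16.181", "out-list": "LAN"}

# Outbound connection started by the DNS server itself.
OUTBOUND = {"src": "10.10.16.181", "dst": CLIENT, "out-list": "WAN2"}

if __name__ == "__main__":
    for name, rules in (("as posted", SRCNAT_AS_POSTED),
                        ("WAN2 only", SRCNAT_WAN_ONLY)):
        print(name, "| inbound reply dst:", reply_dst(rules, INBOUND_DNS),
              "| outbound reply dst:", reply_dst(rules, OUTBOUND))
```

In this model the "NAT Default" rule has no matcher that excludes WAN-to-LAN traffic, so it also rewrites the source of inbound connections; the model says nothing about whether that is the only reason the inbound connection fails.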