SSH port forward

Hello, I run server behind mikrotik with static IP 192.168.1.2. I connect to the server by SSH, so I want to forward port no. 22 to the server.
I found out that mikrotik has his SSH opened to WAN by default, so I tried to forward port no. 2022 to server by this command:

/ip firewall nat add chain=dstnat action=dst-nat protocol=tcp in-interface=ether1-gateway dst-port=2022 to-addresses=192.168.1.2 to-ports=22

/ip firewall filter add chain=forward action=accept protocol=tcp in-interface=ether1-gateway src-port=2022

When I try to connect to the server, putty shows “connection refused” message. What am I doing wrong?

You have an anomily in your firewall filter rule.
It should have the to-ports parameter from the NAT rule as portnumber, not the dst-port parameter, and it must be set as dst-port, not src-port.
This is because the filter is checked after the dst-nat rules are applied.
For extra specific checking, the dst-address parameter for the filter rule can be filled in (192.168.1.2)

So to be clear
/ip firewall nat
add chain=dstnat action=dst-nat in-interface=ether1-gateway protocol=tcp dst-port=2022 to-addresses=192.168.1.2 to-ports=22
/ip firewall filter
add chain=forward in-interface=ether1-gateway protocol=tcp dst-address=192.168.1.2 dst-port=22

could you please write the exact code for me? I am trying to change values in GUI (I am new to routerboard and don’t know the syntax well yet) and I am not successful. Thank you

While you wrote, I edited my previous post.
Check my comments there

Thank you, it’s working well now. If you tell me how to give you karma point, I will do that

To give karma, just click the + button below my karma count on the left.

well, there is a bug about it, I can’t see it while on chrome on windows, but I can see it on chromium on linux. Weird, they should be quite the same browsers…