first of all, can you locally access 10.10.37.110:8844 from another 10.x.x.x device?
some hints:
upgrade to 6.46.8
then
change your ipsec password, you have exposed it on export: ipsec-secret="\$8591bb64516aopsvpn04as" (censored)
for testing, add these two rules on top of the others:
/ip firewall filter
add action=accept chain=input src-address=50.216.82.97
add action=accept chain=forward src-address=50.216.82.97
paste this in a new terminal to fix some other things:
/interface bridge
set [find] fast-forward=yes
/interface ethernet
set [ find default-name=ether1 ] speed=1Gbps
set [ find default-name=ether2 ] speed=1Gbps
set [ find default-name=ether3 ] speed=1Gbps
set [ find default-name=ether4 ] speed=1Gbps
set [ find default-name=ether5 ] speed=1Gbps
set [ find default-name=ether6 ] speed=1Gbps
set [ find default-name=ether7 ] speed=1Gbps
set [ find default-name=sfp-sfpplus1 ] advertise=1000M-full,10000M-full
/ip ssh
set allow-none-crypto=no forwarding-enabled=no
and change the first rule in your nat:
from
/ip firewall nat
add action=src-nat chain=srcnat comment=comcast-nat out-interface=bridge-wan src-address=10.0.0.0/8 to-addresses=23.31.142.153
to
/ip firewall nat
add action=masquerade chain=srcnat comment="NAT Comcast" out-interface=bridge-wan src-address=10.0.0.0/8
the rule you added has no error from my point of view:
add action=dst-nat chain=dstnat comment="P2L DXM Controller 1" dst-address=23.31.142.153 dst-port=9100 log=yes protocol=tcp to-addresses=10.10.37.110 to-ports=8844
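
Added example, not part of the original post: a filter that masks secret-bearing properties in a RouterOS export before it is pasted publicly, which is the exposure pointed out above for ipsec-secret. The list of sensitive property names and the sample export are assumptions constructed for this illustration.

```python
import re

# Assumption: property names ending in one of these carry credentials.
SENSITIVE = re.compile(
    r'(?:secret|password|passphrase|pre-shared-key|private-key)$', re.I)

# key=value, where value is a quoted string (backslash escapes such as \$ or \"
# allowed) or a bare token without whitespace.
PAIR = re.compile(r'(?<![\w-])([A-Za-z0-9-]+)=("(?:\\.|[^"\\])*"|[^\s"]+)')

def join_continuations(text):
    """Undo export line wrapping: trailing backslash, newline, indentation."""
    return re.sub(r'\\\r?\n[ \t]*', '', text)

def redact_export(text):
    """Return (redacted_text, names of the properties that were masked)."""
    found = []

    def mask(match):
        key = match.group(1)
        if SENSITIVE.search(key):
            found.append(key)
            return f'{key}="<REDACTED>"'
        return match.group(0)

    return PAIR.sub(mask, join_continuations(text)), found

# Constructed sample export (values are made up for this example).
SAMPLE = r'''/interface l2tp-server server
set enabled=yes ipsec-secret="pa\$s \"word\"" use-ipsec=yes
/ppp secret
add name=user1 password=Hunter2Example service=l2tp
/ip firewall nat
add action=dst-nat chain=dstnat comment="P2L DXM Controller 1" dst-port=\
    9100 protocol=tcp to-addresses=10.10.37.110 to-ports=8844
'''

if __name__ == "__main__":
    redacted, names = redact_export(SAMPLE)
    print(redacted)
    print("masked:", ", ".join(names))
```

RouterOS 6 also offers `/export hide-sensitive`, which omits such values at the source; the filter above is for text that has already been exported. A secret that was already posted still has to be changed.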