I have an RB-951-UI 2HnD which receives the internet connection on ether1 and uses ether2 + ether3 to give it to other Wi-Fi RouterBOARDs and switches for desktop computers.
We have enabled the hotspot on the gateway, and everything related to the hotspot is working great. The thing is that we had NAT rules (port redirections) from the outside (from the internet) and can't connect anymore except to the router directly (we can connect to the web interface, but not to an SSH server inside, for instance). We suspect the hotspot NAT firewall rules (which are dynamically added to the top of the rules) mess with this. Here are all our rules currently:
Rules #1 to #15 are dynamically added by the hotspot. #20 to #29 are NAT rules we have created under the chain name "external", and #30 returns. Then, for this to work, I thought I could create #0 on dstnat, which is basically "everything from the outside, jump to external". I've also enabled logging on #0, but nothing appears in the log when I try to connect to a redirected port (for example, 10000).
What am I doing wrong? Any ideas to help, please? Just in case the filter rules are required, I've attached them.
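For readers who want to reproduce the layout the post describes in text form, here is an added RouterOS CLI example (not the poster's own export, and not an answer to the question). It assumes ether1 is the WAN interface, that the hotspot's dynamic rules already occupy the top of the dstnat chain, and uses a constructed internal host 192.168.88.10 and a constructed external port 10000 forwarded to SSH; the final two commands are the checks a practitioner would run to see whether the jump rule is ever hit.

```routeros
# Added example, not the original poster's configuration.
# Assumed: ether1 = WAN, 192.168.88.10 = constructed internal SSH host.

# Chain "external": the static port redirections (the post's rules #20..#29)
/ip firewall nat add chain=external protocol=tcp dst-port=10000 \
    action=dst-nat to-addresses=192.168.88.10 to-ports=22 \
    comment="constructed example: WAN:10000 -> 192.168.88.10:22"

# Explicit return at the end of the chain (the post's rule #30)
/ip firewall nat add chain=external action=return comment="end of external"

# Jump from dstnat into "external" for traffic arriving on the WAN interface,
# with logging enabled, placed at position 0 (the post's rule #0).
/ip firewall nat add chain=dstnat in-interface=ether1 action=jump \
    jump-target=external log=yes log-prefix="ext-jump" place-before=0

# Check 1: list the dstnat chain with packet/byte counters. If the counters of
# the jump rule stay at 0 while you connect to WAN:10000 from outside, the
# packet never reaches that rule (it was matched or dropped earlier, or it is
# not arriving on ether1 at all).
/ip firewall nat print stats where chain=dstnat

# Check 2: show only log lines produced by the jump rule.
/log print where message~"ext-jump"
```

Reading the counters next to the log is the useful part: a dynamic rule that sits above the jump and matches the inbound packet will show its counters increasing instead, which points at the rule that is actually handling the connection.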