"Hairpin NAT" is that part where you srcnat traffic going from LAN to public address on WAN and then back to LAN. But in your rules, you masquerade not only this, but also normal forwarded ports from outside, so you're hiding original addresses of remote clients. Also, marking packets is not very effective, because NAT works with connections, so only first packet matters and you're marking the rest for nothing.
I'm not exactly sure what was your starting point that you wanted to simplify, but you can use hairpin NAT rule like this:
/ip firewall nat
add chain=srcnat src-address=192.168.50.0/24 dst-address=192.168.50.0/24 \
out-interface=bridge_private action=masquerade
And that's it. It's possible to fine tune it a little if you want, e.g. this:
/ip firewall nat
add chain=srcnat src-address=192.168.50.0/24 dst-address=192.168.50.0/24 \
out-interface=bridge_private src-address-type=!local action=src-nat to-addresses=193.165.x.x
will make connections from internal clients look like they come from public address (in fact, you can put any artifical address there) and you'll be able to tell them from connections made by router itself.
If you wanted to make dstnat rules more simpler, chains can help with that (you need to enter the address only once):
/ip firewall nat
add action=jump chain=dstnat dst-address=193.165.x.x jump-target=port-forward
add action=dst-nat chain=port-forward dst-port=5000 protocol=tcp to-addresses=192.168.50.5
add action=dst-nat chain=port-forward dst-port=80,443 protocol=tcp to-addresses=192.168.50.x
add action=dst-nat chain=port-forward dst-port=53 protocol=udp to-addresses=192.168.50.x
add action=dst-nat chain=port-forward dst-port=53 protocol=tcp to-addresses=192.168.50.x
...
Or if you had dynamic address, initial jump rule would be (I assume router has 192.168.50.1):
/ip firewall nat
add action=jump chain=dstnat dst-address=!192.168.50.1 dst-address-type=local jump-target=port-forward
And finally, if you had restrictive "block everything by default" firewall, you can allow all forwarded ports using the single magic rule:
/ip firewall filter
add action=accept chain=forward connection-nat-state=dstnat