Bought my first Mikrotik Router Hex S a couple days ago and I can not get port forwarding to work at all. I have watched all the YouTube videos and they each do it a little differently. I have a unraid server running on 192.168.50.29. In there is a docker container called Nginx proxy manager. I am trying to forward ports 80 to port 180 on the docker container and port 443 to 1443 on the docker container. I have changed the Mikrotik Webfig port number to something other than 80 and 443 is currently disabled. I have setup the DSTNAT forwarding rules under nat and have also created the firewall forwarding rules as well. For DST address I am putting the public ip of my router/internet. My internet is coming into my router on ethernet 1. I can not figure out what simple thing I am missing.
I am using the default configuration and haven't changed much besides trying to setup port forwarding.
Thanks for the help
[admin@MikroTik] > /export
# feb/20/2021 21:45:16 by RouterOS 6.48.1
# software id = U07L-4D89
#
# model = RB760iGS
# serial number = E1F20D0999FB
/interface bridge
add admin-mac=08:55:31:64:45:6A auto-mac=no comment=defconf name=bridge
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.50.2-192.168.50.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=sfp1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.50.1/24 comment=defconf interface=bridge network=192.168.50.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1 use-peer-dns=no
/ip dhcp-server lease
add address=192.168.50.2 client-id=1:4:d9:f5:c2:4d:e0 mac-address=04:D9:F5:C2:4D:E0 server=defconf
add address=192.168.50.50 mac-address=1C:FE:2B:AC:CA:60 server=defconf
add address=192.168.50.51 client-id=1:c4:d6:55:40:f4:f7 mac-address=C4:D6:55:40:F4:F7 server=defconf
add address=192.168.50.52 client-id=1:d0:52:a8:54:10:3a mac-address=D0:52:A8:54:10:3A server=defconf
add address=192.168.50.54 mac-address=C4:95:00:7F:43:95 server=defconf
add address=192.168.50.11 client-id=1:0:e0:4c:1:f:20 mac-address=00:E0:4C:01:0F:20 server=defconf
add address=192.168.50.53 client-id=1:34:af:b3:58:ee:d9 mac-address=34:AF:B3:58:EE:D9 server=defconf
add address=192.168.50.22 client-id=1:48:b0:2d:1:2f:ad mac-address=48:B0:2D:01:2F:AD server=defconf
add address=192.168.50.21 mac-address=F8:54:B8:22:D4:CA server=defconf
add address=192.168.50.20 client-id=1:ac:bc:32:67:65:62 mac-address=AC:BC:32:67:65:62 server=defconf
add address=192.168.50.12 client-id=1:7a:e2:2a:10:a7:64 mac-address=7A:E2:2A:10:A7:64 server=defconf
add address=192.168.50.23 client-id=1:48:b0:2d:4:df:3d mac-address=48:B0:2D:04:DF:3D server=defconf
/ip dhcp-server network
add address=192.168.50.0/24 comment=defconf gateway=192.168.50.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=192.168.50.30
/ip dns static
add address=192.168.50.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=accept chain=input dst-address-type=local src-address-type=local
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward dst-address=192.168.50.29 dst-port=51820 in-interface=ether1 protocol=udp
add action=accept chain=forward comment="Port forwarding for Plex\
\n" dst-address=192.168.50.29 dst-port=32400 in-interface=ether1 protocol=tcp
add action=accept chain=forward comment="NGNIX Proxy firewall rule" dst-address=192.168.50.29 dst-port=443 in-interface=ether1 protocol=tcp
add action=accept chain=forward comment="NGNIX Proxy firewall rule" dst-address=192.168.50.29 dst-port=80 in-interface=ether1 protocol=tcp
add action=accept chain=forward comment="NGNIX Proxy firewall rule" dst-address=192.168.50.29 dst-port=443 in-interface=ether1 protocol=udp
add action=accept chain=forward comment="NGNIX Proxy firewall rule" dst-address=192.168.50.29 dst-port=80 in-interface=ether1 protocol=udp
add action=accept chain=forward dst-address=192.168.50.29 dst-port=5001 protocol=tcp
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat comment="NGINX Proxy Port Forwarding 80\
\n" dst-port=80 in-interface=ether1 protocol=tcp to-addresses=192.168.50.29 to-ports=180
add action=dst-nat chain=dstnat comment="Port forwarding for Plex" dst-port=32400 in-interface=ether1 protocol=tcp to-addresses=192.168.50.29 to-ports=32400
add action=dst-nat chain=dstnat comment="NGINX Proxy Port Forwarding 80" dst-port=80 in-interface=ether1 protocol=udp to-addresses=192.168.50.29 to-ports=180
add action=dst-nat chain=dstnat comment="NGINX Proxy Port Forwarding 443" dst-port=443 in-interface=ether1 protocol=tcp to-addresses=192.168.50.29 to-ports=1443
add action=dst-nat chain=dstnat comment="NGINX Proxy Port Forwarding 443" dst-port=443 in-interface=ether1 protocol=udp to-addresses=192.168.50.29 to-ports=1443
add action=dst-nat chain=dstnat dst-port=5001 in-interface=ether1 protocol=tcp to-addresses=192.168.50.29 to-ports=5001
add action=dst-nat chain=dstnat dst-port=51820 in-interface=ether1 protocol=udp to-addresses=192.168.50.29 to-ports=51820
/ip service
set www port=8080
/system clock
set time-zone-name=America/Chicago
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN