Hi, yes, 192.168.100.10 is not a good example of public IP address
Indeed, the settings were applied to the wAP operating as a transparent bridge, thus at least I know why it does not work.
Now I have simplified the NAT rule to let all types of traffic through, and this is the configuration:
/interface bridge
add name=bridge
/interface w60g
set [ find ] disabled=no frequency=60480 isolate-stations=no name=wlan60-1 put-stations-in-bridge=bridge ssid=XXXXXXXX
/interface w60g station
add mac-address=48:8F:5A:C9:24:72 name=wlan60-station-1 parent=wlan60-1 remote-address=08:55:31:96:DF:0A
add mac-address=48:8F:5A:C9:24:72 name=wlan60-station-2 parent=wlan60-1 remote-address=04:D6:AA:C1:38:46
add mac-address=48:8F:5A:C9:24:72 name=wlan60-station-3 parent=wlan60-1 remote-address=04:D6:AA:C1:38:52
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip address
add address=192.168.0.81/24 interface=ether1 network=192.168.0.0
add address=192.168.100.10/24 interface=bridge network=192.168.100.0
/ip firewall nat
add action=dst-nat chain=dstnat dst-address=192.168.100.10 to-addresses=192.168.0.144
/ip route
add distance=1 gateway=192.168.0.1
/system identity
set name=mikrotik1
From the terminal of a connected wAP 60G station (04:D6:AA:C1:38:52, with IP address 192.168.100.82), this is what happens when I ping 192.168.100.10
[admin@mikrotik2] > ping 192.168.100.10
SEQ HOST SIZE TTL TIME STATUS
0 192.168.100.10 timeout
1 192.168.100.10 timeout
2 192.168.100.10 timeout
3 192.168.100.10 timeout
...
However, the NAT rule partially works, since if I dump the TCP traffic on 192.168.0.144 I read:
...
14:11:17.848733 IP 192.168.100.82 > 192.168.0.144: ICMP echo request, id 55562, seq 20483, length 36
14:11:17.848779 IP 192.168.0.144 > 192.168.100.82: ICMP echo reply, id 55562, seq 20483, length 36
14:11:18.851418 IP 192.168.100.82 > 192.168.0.144: ICMP echo request, id 55562, seq 20739, length 36
14:11:18.851465 IP 192.168.0.144 > 192.168.100.82: ICMP echo reply, id 55562, seq 20739, length 36
...
Basically, the final destination host 192.168.0.144 sees the ping coming from 192.168.100.82 instead of from 192.168.100.10 (I know it shall be configured to answer to the 192.168.100.0 subnet).