It seems (and it's hard to verify as the screenshot doesn't show everything) that your DST-NAT rule isn't very selective: it matches every packet with dst-port one of those configured, regardless of where the packet came from. You probably want to perform NAT only on connections from the internet, so you should properly configure either in-interface or (better if your firewall still follows the default concept of using interface lists) in-interface-list.
A couple of related notes:
- you configured the to-ports property and used the whole possible range. This probably has a different effect from what you expect: if to-ports is set as multiple ports (or a range), then NAT may choose any of those ports as the new (destination) port. If, OTOH, this property is not set, then NAT keeps the (destination) port unchanged.
- while it's fine to use a single NAT rule for multiple services/ports, I suggest you configure multiple NAT rules, one per service/port. It's simply much more flexible; from a performance point of view both ways are the same.
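
The advice above as a RouterOS configuration sketch, added here as an example and not taken from the original post or the poster's router. The ports (80, 443), the internal address 192.168.88.10 and the interface list name WAN are assumptions; the "before" rule is reconstructed from the description, since the screenshot is not available.

```routeros
# BEFORE (constructed from the description above): one broad rule.
# No in-interface / in-interface-list, so it also matches packets arriving
# from the LAN, and to-ports is a range, so the destination port may be
# rewritten to any port in that range.
/ip firewall nat add chain=dstnat action=dst-nat protocol=tcp dst-port=80,443 to-addresses=192.168.88.10 to-ports=0-65535 comment="broad rule (before)"

# AFTER: one rule per service, matched only on traffic entering through
# interfaces in the WAN list (assumed name; use the list your firewall defines).
# to-ports is not set, so the destination port is kept unchanged.
/ip firewall nat add chain=dstnat action=dst-nat protocol=tcp dst-port=80 in-interface-list=WAN to-addresses=192.168.88.10 comment="HTTP from internet"
/ip firewall nat add chain=dstnat action=dst-nat protocol=tcp dst-port=443 in-interface-list=WAN to-addresses=192.168.88.10 comment="HTTPS from internet"

# Check which rules actually match traffic by watching the counters.
/ip firewall nat print stats where chain=dstnat
```

With separate rules, the per-rule packet counters show which forwarded service is receiving traffic, and a single service can be disabled without touching the others.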