Your forward chain is kinda OK. There is no default drop all, so basically it's permitting everything to be forwarded. That is not very secure, it would be better to lock it down, but that is outside the scope of your question.
Your last NAT rule that is doing the forwarding needs to be different:
add action=dst-nat chain=dstnat comment="Enable Remote Desktop to Router" disabled=no dst-port=81 protocol=tcp to-addresses=192.168.123.252 to-port=80
And in order to access it from the outside world you need to specify the port.
Note that port 81 is a reserved port, it would be better to use a port that is higher than 1024. Your previous rule may of fired, but would forward port 81 to port 81. The modified rule will forward port 81 to port 80. HTTP is defined to run on port 80, and you also had the rule disabled. Also since I'm assuming that you have the MikroTik listening on port 80 for it's web interface, it will not forward port 80 traffic, as it is processing it for itself.