Too funny,
One needs a protocol so that the router knows whats coming!
This doesnt cut it..........
add action=dst-nat chain=dstnat disabled=yes dst-port=24022 in-interface-list=WAN log=yes
protocol=t
to-addresses=192.168.1.240 to-ports=22
Sob: Did you want to sign up for my MTUNA certification, we cover 'proper methods in config scrutinization"! ;-P
To the OP why do you have so many duplicate looking rules, what a mess!!
Makes me want to slap someone upside the head.
Lets fix it!!
By the way this rule should simply work when you fix the protocol issue!!
add action=dst-nat chain=dstnat disabled=yes dst-port=24022 in-interface-list=WAN log=yes protocol=t
to-addresses=192.168.1.240 to-ports=22
Cleaned up working version.
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none \
out-interface-list=WAN
add action=dst-nat chain=dstnat dst-port=63306 in-interface-list=WAN protocol=tcp to-addresses=\
192.168.1.10 to-ports=3306
add action=dst-nat chain=dstnat dst-port=3724 in-interface-list=WAN protocol=tcp to-addresses=\
192.168.1.10 to-ports=3724
add action=dst-nat chain=dstnat disabled=yes dst-port=24022 in-interface-list=WAN log=yes protocol=tcp \
to-addresses=192.168.1.240 to-ports=22
Done!!
By the way the only reason to use dst-address-list=mywanip
(Assuming mywanip is the firewall address list entry with IP=clouddns name)
If you want to be able to reach the server via your WANIP address from a device on the same lan subnet as your server, if you do two things need to happen.
First add a second hairpin source nat rule.
add action=masquerade chain=srcnat source-address=lansubnet destination-address=lansubnet (in your case lansubnet appears to be 192.168.1.0/24)
Second modify the dst nat rule (replace in-interface-list=WAN) with dst-address=mywanip