I want to set up a hotspot in MikroTik in such a way that my internal web servers, which are currently accessible from the Internet, are connected to a hotspot. When the Internet user enters my public address, such as 1.2.3.4:1000, he goes to the internal IP, such as 192.168.1.1:1000, and if he enters 1.2.3.4:2000, he goes to the IP 192.168.2.1:2000. Before transferring to my internal web server, first ask for the MikroTik captive portal page and after confirming the user's password, show the user my internal website. I have a problem here. My problem is that I can't tell MikroTik, which has hotspot enabled on its internet interface, that if, for example, a packet comes on 1.2.3.4:5000 or in other words on a public IP, then you have to show MikroTik's captive portal and after verifying the user's identity, access to those ports 1000 and 2000 will be opened for him. The problem is that as soon as you type 1.2.3.4:5000, MikroTik converts the URL to 1.2.3.4, that is, with port 80, and I don't want this port to remain open on the internet, and I only want 5000 to be open and after verifying the identity, 1000 and 2000 to be opened as well. I did everything, but as soon as you see the captive portal page, you can see that the port is 80 and 5000, and this greatly reduces security on the internet. Can anyone help me?

I'd suggest adding your rules in the pre-hotspot NAT chain. The rules in it are only applicable to Hotspot clients

I tried this too, but it still doesn't work and redirects to port 80.