Rules are collections of simple conditions and action performed when packet matches those conditions. If the only two conditions are protocol=tcp and dstport=80, then it will match any tcp packet going to port 80, no matter where from or to it goes. So even your connection to facebook.com will be r...

it's because you haven't specified a filter to tell it only wan traffic.  Either put in the in-interface or the dst-address (your public ip).  You also don't really need to the to-ports.  Action should be dst-nat with the to-address set to the internal ip.

You didnt read my post. 

Hello! Recently ihave added the firewall nat rule: chain=dstnat protocol=tcp dstport=80 action=netmap to-addresses=10.10.10.10 to-ports=80 I havent specify the In-interface, which is a result of none of http sites over the internet and local through port 80 is available. I would like to understand h...