I am using the rule:

/ip firewall nat add chain=dstnat dst-port=55555 action=dst-nat protocol=tcp to-address=192.168.88.251 to-port=55555

Then start my server on .251 such as
And the port is not reachable from the internet. What am I doing wrong?

/ip firewall nat add chain=dstnat dst-address="your-public-IP" dst-port=55555 action=dst-nat protocol=tcp to-address=192.168.88.251 to-port=55555

Hey. First of all: do you really have an application that listening that port? Because port forwarding via nat doesn't mean port will be opened from Internet just out of nowhere.
And second - you need to assign destination address, explicitly public one or assign an input interface which has that address, or both with specific address if that interface has a subnet less than /30(<30).

/ip firewall nat add chain=dstnat dst-address="your-public-IP" dst-port=55555 action=dst-nat protocol=tcp to-address=192.168.88.251 to-port=55555

Thanks but I don't think I can add my public IP since my ISP assigns that dynamically so it is always different.

Hey. First of all: do you really have an application that listening that port? Because port forwarding via nat doesn't mean port will be opened from Internet just out of nowhere.
And second - you need to assign destination address, explicitly public one or assign an input interface which has that address, or both with specific address if that interface has a subnet less than /30(<30).

Yes I tried with an application and also with nc -l. My understanding is that if there's no application, the client would get connection refused, or a timeout if the rule doesn't work.

I can't assign an IP since it's dynamic but I'll try now with an interface.

It still doesn't work but I see the packet count increase when I try to connect to the port.

/ip firewall nat add chain=dstnat dst-address="your-public-IP" dst-port=55555 action=dst-nat protocol=tcp to-address=192.168.88.251 to-port=55555

Thanks but I don't think I can add my public IP since my ISP assigns that dynamically so it is always different.

Use dyndns or write a script which will do this for you

Hey. First of all: do you really have an application that listening that port? Because port forwarding via nat doesn't mean port will be opened from Internet just out of nowhere.
And second - you need to assign destination address, explicitly public one or assign an input interface which has that address, or both with specific address if that interface has a subnet less than /30(<30).

Yes I tried with an application and also with nc -l. My understanding is that if there's no application, the client would get connection refused, or a timeout if the rule doesn't work.

I can't assign an IP since it's dynamic but I'll try now with an interface.

There is has to be a live server which listening this port behind your router.

It still doesn't work but I see the packet count increase when I try to connect to the port.

Then your NAT rule works correctly. Troubleshoot the server side.

Hello,
if there is a bridge
Could work
I wish conveniences.

Thanks for the replies but it doesn't work. I installed nginx on my computer, the welcome page is available at http://localhost, and http://192.168.88.251/ . I entered this rule:
/ip firewall nat add chain=dstnat dst-address="your-public-IP" dst-port=55555 action=dst-nat protocol=tcp to-address=192.168.88.251 to-port=80
Then I enter my public-IP:55555 in my browser, and I get a connection timeout, in the meanwhile in the router NAT page I see the packet count increase for the rule I just created! What now? I tried so far with 2 servers on different ports, and netcat.

don't listen to noobs, you no need add public ip to nat rule.

you need add firewall rule:
accept
forward
dst.address=your internal ip
protocol=tcp
dst.port=your internal port

Thanks for the replies but it doesn't work. I installed nginx on my computer, the welcome page is available at http://localhost, and http://192.168.88.251/ . I entered this rule:
/ip firewall nat add chain=dstnat dst-address="your-public-IP" dst-port=55555 action=dst-nat protocol=tcp to-address=192.168.88.251 to-port=80
Then I enter my public-IP:55555 in my browser, and I get a connection timeout, in the meanwhile in the router NAT page I see the packet count increase for the rule I just created! What now? I tried so far with 2 servers on different ports, and netcat.

Hey, again What you need now is hairpin nat config. Google it Your current dstnat rule in not for you, it is for external requests.

don't listen to noobs, you no need add public ip to nat rule.

you need add firewall rule:
accept
forward
dst.address=your internal ip
protocol=tcp
dst.port=your internal port

Well, I think every ISP well know private networks of their users, don't they? )

don't listen to noobs, you no need add public ip to nat rule.

you need add firewall rule:
accept
forward
dst.address=your internal ip
protocol=tcp
dst.port=your internal port

Are you saying I also have to set up this as a firewall filter rule, in addition to the NAT configuration? Tried and still doesn't work.

There are two steps. First is dstnat, to change destination to internal address and port. That's probably already ok, if counter increases. Second is firewall filter, which can stop forwarded packets, so you must make sure it doesn't. This rule, strategically placed (i.e. before anything that could block those packets), will do it:
If not, look closer what happens. You can use Tools->Torch on incoming and outgoing interface and check if packets are arriving and passing through router correctly. Or you can add logging rules to prerouting and postrouting, and you'll see where it's going wrong.

The issue is likely that my ISP is NATting my connection, so my IP is not directly reachable from the internet.