MikroTik

Hi.
I'm trying to setup dst-nat on hotspot interface to be able connect to local computer with RDP and using Emule. I've added local ip to wich dst-nat-ing to ip wallen-garden in hotspot. And added this rules:
[admin@MikroTik] > ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; Emule tcp
chain=dstnat in-interface=External protocol=tcp dst-port=4662 action=dst-nat to-addresses=10.1.1.17 to-ports=4662

1 ;;; Emule udp
chain=dstnat in-interface=External protocol=udp dst-port=4662 action=dst-nat to-addresses=10.1.1.17 to-ports=4662

2 ;;; masquerade hotspot network
chain=srcnat src-address=10.1.1.0/24 action=masquerade

3 ;;; MSTSC
chain=dstnat in-interface=External protocol=tcp dst-port=7777 action=dst-nat to-addresses=10.1.1.17 to-ports=3389
[admin@MikroTik] > ip firewall filter print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; Drop Invalid connections
chain=input connection-state=invalid action=drop

1 ;;; Allow Established connections
chain=input connection-state=established action=accept

2 ;;; Allow UDP DNS
chain=input protocol=udp src-port=53 action=accept

3 ;;; Allow ICMP
chain=input protocol=icmp action=accept

4 ;;; Allow inbound SSH
chain=input protocol=tcp dst-port=22 action=accept

5 ;;; Emule
chain=input in-interface=External protocol=tcp dst-port=4662 action=accept

6 chain=input in-interface=External protocol=udp dst-port=4662 action=accept

7 ;;; MSTSC
chain=input in-interface=External protocol=tcp dst-port=7777 action=accept

8 chain=input in-interface=External action=drop

9 ;;; drop invalid connections
chain=forward protocol=tcp connection-state=invalid action=drop

10 ;;; allow already established connections
chain=forward connection-state=established action=accept

11 ;;; allow related connections
chain=forward connection-state=related action=accept

12 chain=forward in-interface=External action=drop
With this setup I'm not able to connect to local computer through RDP and Emule rules also don't work. It gets low ID. When I trying telneting to 7777 port of external interface nothing happened. The only rule that work is SSH inbound rule. What I doing wrong?

----
yes,
this my RDP and default port: 3389 working fine with mikrotik from local or public network access.
first. i created policy ip-binding [16.16.16.5] on hotspot interface than i used this code, on firewall nat with my public router address xxx.xxx.xxx.x second created like this bellow: regards
Hasbullah.com
----

Thank you balimore for reply.

I've changed my rule
chain=dstnat in-interface=External protocol=tcp dst-port=7777 action=dst-nat to-addresses=10.1.1.17 to-ports=3389
as you suggest and now it looks like:
chain=dstnat dst-address=xxx.25.199.xxx protocol=tcp dst-port=7777 action=dst-nat to-addresses=10.1.1.17 to-ports=3389
but no luck.
Can you tell a bit more about ip-binding policy you have created in hotspot?
What parameters you have set there? Have you set "to address" there? And what type have you select?

----
ya.
this single address: or subnet like this:
regards
Hasbullah.com
---

I did the same but no luck again.

----
so sorry man, my RDP under Hotspot interface working fine and every nigth i used it over dialup modem

regards
Hasbullah.com
----

I have found problem finally.
The problem was in firewall rules:
5 ;;; Emule
chain=input in-interface=External protocol=tcp dst-port=4662 action=accept

6 chain=input in-interface=External protocol=udp dst-port=4662 action=accept

7 ;;; MSTSC
chain=input in-interface=External protocol=tcp dst-port=7777 action=accept

It should allow traffic for dst-nat rules but it doesn't.
As I found experimentally the chain should be forward for firewall rules to allow dst-nat traffic.