Mikrotik

How to configure port forwarding for ultra vnc?

Good evening!
We bought and configured a mikrotik router instead of dlink.
Local network and access to the external work fine.
It was required to configure RDP. I set up port forwarding from any external address to the local network to a specific computer with a specific address and port (for external connection with the ultra vnc program). Doesn't let me! Screens below.
There is a suspicion that something is not spelled out in the rules.
Here are the
filter rules:

nat:

NAT entry for ultra mts Rule



export (filter rules):
/ip firewall filter
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=new dst-port \u003d 80.8291.22 \
in-interface=LAN-WiFi protocol=tcp src-address=192.168.3.0/24
add action=accept chain=input connection-mark=allow_in connection-state=new \
dst-port=80 in-interface=eth1-wan- mgts protocol=tcp
add action=accept chain=input connection-state=new dst-port=53,123 \
in-interface=LAN-WiFi protocol=udp src-address=192.168.3.0/24
add action=accept chain=input connection- state=established,related
add action=fasttrack-connection chain=forward connection-state=\
established,related
add action=accept chain=output connection-state=invalid
add action=accept chain=forward connection-state=established,new \
in -interface=LAN-WiFi out-interface=eth1-wan-mgts src-address=\
192.168.3.0/24
add action=accept chain=forward connection-state=established,related \
dst-address=192.168.3.0/24 in-interface=eth1-wan-mgts out-interface=\
LAN-WiFi
add action=reject chain=input reject- with=icmp-network-unreachable
add action=reject chain=output disabled=yes reject-with=\
icmp-network-unreachable
add action=reject chain=forward reject-with=icmp-network-unreachable