FTP
lazix, 2017-03-29 12:36:45

How to set up Mikrotik for normal FTP work?

I set up a MikroTik 951 by hand, step by step, with the following rules in the firewall:

0    chain=input action=accept protocol=icmp
 1    chain=input action=accept connection-state=established,related
 2    chain=output action=accept connection-state=!invalid
 3    chain=forward action=accept connection-state=established,new src-address=192.168.88.0/24 in-interface=bridge-local out-interface=lte1
 4    chain=forward action=accept connection-state=established,related in-interface=lte1 out-interface=bridge-local
 5    chain=forward action=accept connection-state=established,new src-address=192.168.111.0/24 in-interface=bridge-guest out-interface=lte1
 6    chain=forward action=accept connection-state=established,related in-interface=lte1 out-interface=bridge-guest
 7    chain=input action=accept connection-state=new protocol=tcp src-address=192.168.88.0/24 in-interface=bridge-local dst-port=80,8291
 8    chain=input action=drop
 9    chain=output action=drop
10    chain=forward action=drop

There is a main network and an additional guest Wi-Fi without access to the main network. Internet is via LTE1.
As a result, when working with an FTP server through FileZilla, I get delays of 1-2 seconds when listing a directory or starting to copy a file (the copy speed itself is fine). When working through Total Commander, this does not happen.
I found that the process is affected by the last firewall rule, #10. I enabled logging for it with the prefix test:
12:28:38 firewall,info test forward: in:bridge-local out:lte1, src-mac aa:bb:cc:dd:ee:ff, proto TCP (SYN), 192.168.88.99:51722->111.222.111.222:12025, NAT (192.168.88.99:51722->192.168.0.2:51722)->111.222.111.222:12025, len 52
Why does this happen? After all, this kind of forwarding seems to be allowed by rule #3. How should the firewall be configured properly in this case?


1 answer(s)
lazix, 2017-03-29
@lazix

I added related to the 3rd rule and everything worked:
chain=forward action=accept connection-state=established,related,new src-address=192.168.88.0/24 in-interface=bridge-local out-interface=lte1
To be honest, I don't really understand what I did, I acted on a whim. Did I do the right thing?
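Added commentary and example, not part of the question or the answer above. The log line in the question is the passive-mode FTP data channel: after the client reads the server's PASV reply on the control connection, it opens a second TCP connection to the port the server named (12025 here). RouterOS connection tracking runs an FTP helper (/ip firewall service-port, entry "ftp") that parses that PASV reply and registers an expectation, so the SYN that opens the data channel is classified as connection-state=related, not new. The original rule 3 accepted only established,new, so the SYN fell through to the final drop rule 10, which is exactly what the "test" log shows. Adding related, as the answer did, is the correct fix; the rule stays restricted to src-address=192.168.88.0/24, in-interface=bridge-local and out-interface=lte1, so it does not widen what the guest network or the LTE side can reach. The 1-2 second delay rather than a hard failure is consistent with the expectation being consumed by the first (dropped) SYN and the client's retransmitted SYN then arriving as an ordinary new connection that rule 3 already matched; that reading of the log is an inference, not something the page states. Two caveats: the helper only works on plaintext FTP, so with FTPS (encrypted control channel) it cannot see the PASV reply and the data channel is simply new again, and on RouterOS the helper is enabled by default but can be disabled, in which case no FTP data channel is ever related. The block below shows the corrected rule together with the checks for the helper and for how the data channel is classified; the rule numbers are the ones printed in the question, and the comment string and log prefix are assumptions chosen for this example.

```routeros
# Added example (not the poster's configuration). Run from the RouterOS terminal.

# 1. Confirm the conntrack FTP helper is enabled; without it nothing is ever
#    "related" to an FTP control session and passive data channels appear as "new".
/ip firewall service-port print
/ip firewall service-port enable ftp

# 2. Extend rule 3 with "related". The number is the one shown by "print" in the
#    same CLI session, so always print first.
/ip firewall filter print
/ip firewall filter set 3 connection-state=established,related,new

# Equivalent as a new rule if you prefer a stable identifier instead of the
# print numbering; the comment is an assumption used to find the rule later.
# /ip firewall filter add chain=forward action=accept \
#     connection-state=established,related,new \
#     src-address=192.168.88.0/24 in-interface=bridge-local out-interface=lte1 \
#     comment="lan-to-lte"

# 3. Temporary diagnostic: log related forward traffic leaving via LTE, placed
#    ahead of rule 3, so the data channel can be seen being classified as related.
#    Remove it after testing (it is a log rule, it does not accept or drop).
/ip firewall filter add chain=forward action=log log-prefix=ftp-related \
    connection-state=related out-interface=lte1 place-before=3

# 4. While FileZilla lists a directory, inspect the tracked connections and the log.
/ip firewall connection print where protocol=tcp
/log print where message~"ftp-related"
```

If the second SYN in the log no longer appears with the "test" prefix and the "ftp-related" entries show the data-port connection instead, the helper is doing its job; the same established,related,new pattern can be applied to rule 5 for the guest bridge if guests are meant to use FTP as well.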
