Do you have a router registered?
print NAT rules set
disable www service on mikrotik:
/ip service
set www disabled=yes
if it doesn't help, use packet sniffer on mikrotik and see what's with the packets there

IP services are disabled in general, everything except winbox.
there is only one NAT rule:
chain=srcnat action=masquerade out-interface=ether1-gateway log=no log-prefix=""
sniffer what does it make sense to sniff? incoming traffic on the 1st port or what? Or both that and that and then to compare?
I figured out the guest WiFi ... there was a small conflict in the Firewall. But the speed still cuts

Well, look, you have two devices and both have port 80. There are several options here.
1. Disable port 80 on Mikrotik, and instead use hhtp S - port 443. It is generally logical, correct and safe to encrypt all traffic from you to the Mikrotik web interface.
2. Use not port 80 on Mikrotik, but another one. Also one of the security chips. Hacker bots scan port 80 by default, so why not move it to 4444 for example
. 3. Use forwarding from outside to the NAS with a different port. That is,
add action=netmap chain=dstnat dst-port= 8090 protocol=tcp to-addresses=10.1.1.2 to-ports= 80
That is, from the outside, the NAS will have port 8090, and then it taxis to port 80 of the NAS. That is, to get to the web interface of the NAS there will be a URL - name.DynDNS.org: 8090
Opening the NAS outside is not very safe, or rather not safe at all. Usually they use VPN to the local area where the NAS is located.
Mikrotik has built-in FTP, so port 21 will also conflict.

So how did it all work out?
I have the same problem at the moment and I have no idea how to solve it.
Tell me plz.

Solved through DMZ elementary.
Here is how it is written.
https://asp24.com.ua/blog/mikrotik-router-os-nastr...