VPN
Raain, 2021-10-01 08:50:32

MikroTik port forwarding to a remote network via L2TP?

Good afternoon.

I ran into a question that looks simple but, as it turned out, is not quite. A brief description of the task:

There are two locations connected via VPN (L2TP + IPsec).
The 1st point (M) has an external IP address; the 2nd point (C) has a grey (private) address.
It is necessary to set up port forwarding so that the video surveillance recorder, which is on the C network, can be reached through the external IP of the M network.

I understand the topic seems hackneyed; I re-read a lot of material but did not come away with an unambiguous understanding, so I cannot set this scheme up properly in a way that lets me understand the physics of the process =)

In the end, I want this: I enter the external IP and port of router M in the browser, e.g. 1.1.1.1:33333, and through the VPN I reach the recorder on the C network.

What settings are there now

Router M

White (public) IP 1.1.1.1
VPN L2TP server 172.16.110.1
Internal network 10.0.0.1/24

/ip firewall nat
# port forwarding; the interface list is used because several providers are connected to router M
add action=dst-nat chain=dstnat dst-port=33333 in-interface-list=Wan protocol=tcp to-addresses=172.16.110.2
# I made an address list to limit what gets masqueraded
add action=masquerade chain=srcnat dst-address-list=CamsS out-interface=L2tpS

/ip route
# static route to the remote network
add comment="Route to S" distance=1 dst-address=10.50.0.0/25 gateway=172.16.110.2

/ip route rule
# just in case, I always add local networks to the main routing table
add dst-address=10.50.0.0/25 table=main

Router C

Grey (private) IP from the provider
VPN L2TP client 172.16.110.2
Internal network 10.50.0.0/25

/ip route
# reverse route
add comment="Route to M" distance=1 dst-address=10.0.0.0/24 gateway=172.16.110.1

/ip route rule
# add router M's network to the routing table
add dst-address=10.0.0.0/24 table=main

/ip firewall nat
# network-wide masquerade
add action=masquerade chain=srcnat out-interface=ether1
# port forwarding to the recorder itself on port 80
add action=dst-nat chain=dstnat in-interface=L2tp-M-VL protocol=tcp to-addresses=10.50.0.100 to-ports=80

There is routing between the networks; everything works, everything opens and shows, etc.
But strange things happen on the external address: for example, when you enter 1.1.1.1:33333, it prompts for a login/password, and after entering them the page just goes nowhere, i.e. nothing happens.

Please help me figure out the settings: what is missing, or does it need to be done differently?

UPD

I found articles that seem to describe my case:
https://mikrotik.me/blog-MulltiWan-access-to-via-V...
https://open-networks.ru/d/93-mikrotik-probros -por...

But this did not clarify the situation; it confused it even more...

I still count on help and advice on the setup =)


1 answer
hint000, 2021-10-01

Advice first. To avoid confusion, set up all the routing first; check that there really are no routing problems left; only after that move on to the NAT setup.
Now to the point.

add action=masquerade chain=srcnat dst-address-list=CamsS out-interface=L2tpS
What do we include in CamsS?
Is 172.16.110.2 included? After all, we forwarded the port to 172.16.110.2. Another question: why forward the port on two routers when you can forward it on just one, directly to the recorder's address?
Here are two options for you to choose from.
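The second option hint000 suggests, a single dst-nat on router M pointing straight at the recorder, written out as a RouterOS configuration for router M. This is an added example, not part of the question or the answer. It reuses the names and addresses from the question (interface list Wan, L2TP server interface L2tpS, tunnel addresses 172.16.110.1 and 172.16.110.2, recorder 10.50.0.100 on port 80, public port 33333) and assumes the L2TP server interface on M is statically bound under the name L2tpS; the check commands and the CamsS address-list entry are assumptions as well. It follows the order the answer recommends: confirm routing through the tunnel first, then add NAT.

```routeros
# Router M. Added example; names and addresses are taken from the question, not verified.

/ip route
add dst-address=10.50.0.0/25 gateway=172.16.110.2 comment="Route to site C over L2TP"

# Step 1: check routing before touching NAT. M itself must reach the recorder
# through the tunnel; if this fails, no NAT rule will fix it.
/ping 10.50.0.100 count=3
/tool traceroute 10.50.0.100 count=1

/ip firewall address-list
add list=CamsS address=10.50.0.100 comment="recorder on site C"

/ip firewall nat
# Step 2: one dst-nat on M, straight to the recorder. The connection is translated
# once: 1.1.1.1:33333 -> 10.50.0.100:80. No second dst-nat rule on router C.
add chain=dstnat action=dst-nat in-interface-list=Wan protocol=tcp dst-port=33333 \
    to-addresses=10.50.0.100 to-ports=80 comment="Internet -> recorder on site C"
# Source-NAT the forwarded connection to the tunnel address so the recorder answers
# back into the tunnel. Without this the reply goes to the viewer's public address
# via C's default route (its own provider), the viewer sees a reply from the wrong
# source, and the session stalls after the login form.
add chain=srcnat action=masquerade out-interface=L2tpS dst-address-list=CamsS \
    comment="hide forwarded viewers behind 172.16.110.1"

# Step 3: verify while a browser is connected; the entry should show the translation.
/ip firewall connection print where dst-address~"10.50.0.100"
```

With this in place router C only routes: the recorder's replies are addressed to 172.16.110.1, which C already reaches through the L2TP interface, so C's network-wide masquerade on ether1 is never involved. The trade-off is that the recorder logs every remote viewer as 172.16.110.1; dropping the srcnat rule to keep real client addresses only works if C's default route already points into the tunnel.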
