There are 2 main steps you need to do to open port on the Mikrotik router : "Open Port" and "Hairpin NAT".
Step 1 : Create Address Lists
Go to "IP" > "Firewall" > "Address Lists"
Create a list for the ip addresses of the local area network.
Hairpinning is where a machine on the LAN is able to access another machine on the LAN via the public IP address of the router. Create a list containing the public ip address of the Mikrotik router. If you use public dynamic ip address enter dynamic dns here.
Step 2 : Open Port
Go to "IP" > "Firewall" > "NAT", Chain : datnat, Protocol : 6(tcp), Dst.Port : type the port you wish to forward.
In this article, I open port 3389 to ip address 192.168.1.253.
Dst.Address List : WAN, Action : dst-nat, To Addresses : type the IP address you wish to forward.
I open this port to remote desktop from anywhere, from the local network as well as outside the internet. After the configuration is complete I can remote desktop from outside the internet. But if I remote desktop from within the intranet and use the public ip address it gives an error. The next steps should fix this.
Step 3 : Test from internet
Step 4 : Hairpin NAT Mark Connection
Based on the ip address lists created in the previous step, I will mark connection the packets coming from the local area network to the public ip address of the Mikrotik router.
Go to "IP" > "Firewall" > "Mangle", Chain : prerouting, Src.Address List : LAN, Dst.Address List : WAN, Action : mark connection, New Connection Mark : Hairpin_NAT.
Then, do the NAT configuration with the connection just marked.
Step 5 : Hairpin NAT
Go to "IP" > "Firewall" > "NAT", Chain : srcnat, Connection Mark : Hairpin_NAT, Action : masquerade.
You pay attention to put the hairpin nat on the top position.
So I have configured Open Port and Hairpin NAT.