Simple and effective, open the terminal and enter the following commands (modify the IP and port accordingly):
/ip firewall nat add chain=dstnat dst-address-type=local protocol=tcp dst-port=[external_port] action=dst-nat to-address=[internal_IP] to-port=internal_port
/ip firewall nat add chain=srcnat src-address=192.168.XX.0/24 (internal_network_range) dst-address=[internal_IP] protocol=tcp dst-port=[internal_port] out-interface=bridge action=masquerade
At this point, both internal and external environments can access the internal network service using the domain name + port approach. The domain name is resolved to a dynamic public IP through DDNS.