How can I NAT LAN IP/port to another LAN IP/port in QNAP NAS


First, I will explain why I need NAT for IP/port redirection within the same LAN segment. My smartphone, tablet and laptop have apps that use resources on my home NAS. Some of these resources are installed in containers on the same NAS and are in the same LAN as the main address of the NAS (bridge mode). One application I have installed on another computer (a Raspberry Pi). Only the main address of the NAS is reachable from the Internet via an FQDN. Of course, on the router there is a redirection of traffic from the Internet to the main address of the NAS. However, if the tablet is in the LAN, the internal DNS (for LAN and WAN) will answer a request for the FQDN not with the public address but with the LAN address. In the application on the tablet I cannot set one server name for when I'm in the LAN and another for when I am connected via the Internet. Hence the need to use NAT within the LAN.

Meaning of IP addresses:

192.168.0.7 - main address of NAS
192.168.0.203 - first container in NAS
192.168.0.204 - second container in NAS
192.168.0.25 - address of Raspberry Pi

To perform the appropriate NAT translation, the following iptables entries were used:

-A PREROUTING -d 192.168.0.7/32 -p tcp -m tcp --dport 45083 -j DNAT --to-destination 192.168.0.204:443
-A PREROUTING -d 192.168.0.7/32 -p tcp -m tcp --dport 8083 -j DNAT --to-destination 192.168.0.203:8081
-A PREROUTING -d 192.168.0.7/32 -p tcp -m tcp --dport 8082 -j DNAT --to-destination 192.168.0.25:8082

The first two of these lines (concerning redirection within the NAS itself) work correctly. The third line, which redirects traffic to an external device, does not work. I tried to add various FORWARD and POSTROUTING entries, but it still does not work. I need all incoming traffic to address 192.168.0.7 on port 8082 to be redirected to address 192.168.0.25, also on port 8082. Unfortunately, I could not get it to work, and "nmap" always shows that the port is "filtered". Can anyone help me solve the problem? Below is the full list of iptables rules (output from "iptables-save").

# Generated by iptables-save v1.4.21 on Tue Mar 16 18:53:48 2021
*nat
:PREROUTING ACCEPT [5052:385310]
:INPUT ACCEPT [1601:157443]
:OUTPUT ACCEPT [3890:293400]
:POSTROUTING ACCEPT [7084:494945]
:DOCKER - [0:0]
:SYSDOCKER - [0:0]
:SYSNAT - [0:0]
:VPNNAT - [0:0]
-A PREROUTING -d 192.168.0.7/32 -p tcp -m tcp --dport 45083 -j DNAT --to-destination 192.168.0.204:443
-A PREROUTING -d 192.168.0.7/32 -p tcp -m tcp --dport 8082 -j DNAT --to-destination 192.168.0.25:8082
-A PREROUTING -d 192.168.0.7/32 -p tcp -m tcp --dport 8083 -j DNAT --to-destination 192.168.0.203:8081
-A PREROUTING -m addrtype --dst-type LOCAL -j SYSDOCKER
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT -m addrtype --dst-type LOCAL -j SYSDOCKER
-A OUTPUT -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -o lxcbr0 -m addrtype --src-type LOCAL -j MASQUERADE
-A POSTROUTING -o docker0 -m addrtype --src-type LOCAL -j MASQUERADE
-A POSTROUTING -m mark ! --mark 0x0/0xffff -j MASQUERADE
-A POSTROUTING -j VPNNAT
-A POSTROUTING -j SYSNAT
-A SYSNAT -s 10.0.5.0/24 ! -o docker0 -j MASQUERADE
-A SYSNAT -s 10.0.3.0/24 ! -o lxcbr0 -j MASQUERADE
COMMIT
# Completed on Tue Mar 16 18:53:48 2021
# Generated by iptables-save v1.4.21 on Tue Mar 16 18:53:48 2021
*mangle
:PREROUTING ACCEPT [115997:59201835]
:INPUT ACCEPT [75522:37213911]
:FORWARD ACCEPT [50460:25389774]
:OUTPUT ACCEPT [66153:9393450]
:POSTROUTING ACCEPT [116882:34812088]
:CHECKHOST - [0:0]
:VPNCHECKHOST - [0:0]
:VPNCUSSETMARK - [0:0]
:VPNDEFSETMARK - [0:0]
:VPNSETMARKENTRANCE - [0:0]
:VPNTCPMSS - [0:0]
-A PREROUTING -m set --match-set VPNSET src -m set ! --match-set HOSTSET dst -j VPNSETMARKENTRANCE
-A INPUT ! -d 169.254.0.0/16 -j CHECKHOST
-A INPUT -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff
-A OUTPUT -j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff
-A OUTPUT -m set --match-set HOSTSET dst -j MARK --set-xmark 0x10000/0xf0000
-A POSTROUTING -p tcp -m mark ! --mark 0x0/0xffff -m tcp --tcp-flags SYN,RST SYN -j VPNTCPMSS
-A CHECKHOST -m set --match-set NATSET src -j MARK --set-xmark 0x10000/0xf0000
-A CHECKHOST -j VPNCHECKHOST
-A VPNCHECKHOST -m set --match-set VPNSET src -j MARK --set-xmark 0x10000/0xf0000
-A VPNCUSSETMARK -m set --match-set vpndocker0 src -j MARK --set-xmark 0x900/0xff00
-A VPNCUSSETMARK -m set --match-set vpnlxcbr0 src -j MARK --set-xmark 0xa00/0xff00
-A VPNCUSSETMARK -m set --match-set vpnqvs0 src -j MARK --set-xmark 0xb00/0xff00
-A VPNDEFSETMARK -s 10.8.0.0/24 -j MARK --set-xmark 0x80/0xff
-A VPNSETMARKENTRANCE -j VPNCUSSETMARK
-A VPNSETMARKENTRANCE -m mark --mark 0x0/0xffff -j VPNDEFSETMARK
COMMIT
# Completed on Tue Mar 16 18:53:48 2021
# Generated by iptables-save v1.4.21 on Tue Mar 16 18:53:48 2021
*filter
:INPUT ACCEPT [89540:42032714]
:FORWARD ACCEPT [58919:29309422]
:OUTPUT ACCEPT [80104:11601972]
:DOCKER - [0:0]
:DOCKER-ISOLATION-STAGE-1 - [0:0]
:DOCKER-ISOLATION-STAGE-2 - [0:0]
:DOCKER-USER - [0:0]
:SYSDOCKER - [0:0]
:SYSDOCKER-ISOLATION-STAGE-1 - [0:0]
:SYSDOCKER-ISOLATION-STAGE-2 - [0:0]
:SYSDOCKER-USER - [0:0]
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o lxcbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o lxcbr0 -j DOCKER
-A FORWARD -i lxcbr0 ! -o lxcbr0 -j ACCEPT
-A FORWARD -i lxcbr0 -o lxcbr0 -j ACCEPT
-A FORWARD -j SYSDOCKER-USER
-A FORWARD -j SYSDOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j SYSDOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A OUTPUT -m set --match-set BRNOIPSET src,dst -j DROP
-A DOCKER-ISOLATION-STAGE-1 -i lxcbr0 ! -o lxcbr0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o lxcbr0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-USER -j RETURN
-A SYSDOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j SYSDOCKER-ISOLATION-STAGE-2
-A SYSDOCKER-ISOLATION-STAGE-1 -j RETURN
-A SYSDOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A SYSDOCKER-ISOLATION-STAGE-2 -j RETURN
-A SYSDOCKER-USER -j RETURN
COMMIT
# Completed on Tue Mar 16 18:53:48 2021
Tags: iptables, routing, port-forwarding, qnap
asked on Server Fault Mar 16, 2021 by mackowiakp • edited Mar 16, 2021 by mackowiakp
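As an added example (not part of the question or of any answer), the script below generates the complete rule set for redirecting a port on the NAS address to a host on the same LAN segment (hairpin NAT). A DNAT rule alone is not enough in this topology: the Raspberry Pi would reply to the client directly, the client's TCP stack sees a reply from an address it never contacted, and the connection stalls, which is what nmap reports as "filtered". The missing pieces are source NAT on the forwarded leg, so that replies come back through the NAS, plus IP forwarding and FORWARD-chain acceptance. The addresses and the port are the ones from the question; everything else is assumed.

```shell
#!/bin/sh
# Added example: hairpin (NAT loopback) redirection of NAS_IP:PORT to another
# LAN host. Addresses and port are taken from the question above.
NAS_IP=192.168.0.7
TARGET_IP=192.168.0.25
PORT=8082

# Emit the commands instead of applying them, so they can be reviewed first.
hairpin_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -d ${NAS_IP}/32 -p tcp --dport ${PORT} -j DNAT --to-destination ${TARGET_IP}:${PORT}
iptables -t nat -A POSTROUTING -d ${TARGET_IP}/32 -p tcp --dport ${PORT} -m conntrack --ctstate DNAT -j SNAT --to-source ${NAS_IP}
iptables -I FORWARD 1 -d ${TARGET_IP}/32 -p tcp --dport ${PORT} -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -I FORWARD 1 -s ${TARGET_IP}/32 -p tcp --sport ${PORT} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}
# Notes on the rules above:
#  - The PREROUTING line is the DNAT the question already has.
#  - The SNAT line matches only connections that were DNATed (--ctstate DNAT),
#    so ordinary LAN traffic to the Pi keeps its real source address. For the
#    redirected connections the Pi sees the NAS as the client; correlate its
#    logs with the NAS conntrack table when investigating access to the port.
#  - The FORWARD lines are explicit even though the FORWARD policy in the
#    question is ACCEPT, so the redirect survives a later policy change.

# Number of iptables commands emitted (sanity check for the generator).
rule_count() {
    hairpin_rules | grep -c '^iptables'
}

# Commands to confirm the rules are loaded and that packet counters move
# while a client connects to ${NAS_IP}:${PORT}.
check_rules() {
    cat <<EOF
iptables -t nat -S PREROUTING
iptables -t nat -S POSTROUTING
iptables -v -n -L FORWARD
EOF
}

if [ "${1:-}" = "--apply" ]; then
    hairpin_rules | sh      # apply as root on the NAS
else
    hairpin_rules           # default: just print the rules
fi
```

Run with no arguments to print the rules, or with `--apply` as root to load them; note that QNAP regenerates its firewall rules on reboot, so persist them in the same way the existing DNAT rules were persisted.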

