First off, allowing all traffic as default defeats the purpose of the firewall, might as disable it.
Destination is not the NATted IP, but rather the IP of the public IP, the source is usually set to Any, unless you only want a specific IP to access the VM. I also usually don’t specify the port for the source, it is probably more secure to specify. I haven’t really tested that though. I