I am trying to create a simple gateway with Ubuntu that performs the functions of NAT, firewall, and forwarding. With the firewall disabled I can connect to a web server located in a subnet that I created for testing. The problem is that with the firewall active, despite having opened the ports for HTTP, I cannot reach the server.
This is the command I used to set up port forwarding:
iptables -t nat -A PREROUTING -p tcp -d 10.2.1.11 --dport 80 -j DNAT --to-destination 192.168.0.2:80
This is my ufw status:
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
80/tcp (v6)                ALLOW IN    Anywhere (v6)
I saved the iptables config with iptables-persistent; this is its configuration file, /etc/iptables/rules.v4:
# Generated by iptables-save v1.8.4 on Mon Mar 8 09:45:15 2021
*nat
:PREROUTING ACCEPT [2:337]
:INPUT ACCEPT [2:337]
:OUTPUT ACCEPT [1:76]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 10.2.1.11/21 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.2:80
-A PREROUTING -d 10.2.1.11/21 -i enp1s0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.2:80
-A PREROUTING -d 10.2.1.11/21 -i enp1s0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.0.2:443
-A PREROUTING -d 10.2.1.11/21 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.2:80
-A POSTROUTING -o enp1s0 -j MASQUERADE
-A POSTROUTING -o enp1s0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.0/16 ! -d 192.168.0.0/16 -j MASQUERADE
-A POSTROUTING -j MASQUERADE
COMMIT
# Completed on Mon Mar 8 09:45:15 2021
# Generated by iptables-save v1.8.4 on Mon Mar 8 09:45:15 2021
*filter
:INPUT ACCEPT [229:16530]
:FORWARD ACCEPT [38:19834]
:OUTPUT ACCEPT [126:21312]
:ufw-after-forward - [0:0]
:ufw-after-input - [0:0]
:ufw-after-logging-forward - [0:0]
:ufw-after-logging-input - [0:0]
:ufw-after-logging-output - [0:0]
:ufw-after-output - [0:0]
:ufw-before-forward - [0:0]
:ufw-before-input - [0:0]
:ufw-before-logging-forward - [0:0]
:ufw-before-logging-input - [0:0]
:ufw-before-logging-output - [0:0]
:ufw-before-output - [0:0]
:ufw-reject-forward - [0:0]
:ufw-reject-input - [0:0]
:ufw-reject-output - [0:0]
:ufw-track-forward - [0:0]
:ufw-track-input - [0:0]
:ufw-track-output - [0:0]
-A INPUT -j ufw-before-logging-input
-A INPUT -j ufw-before-input
-A INPUT -j ufw-after-input
-A INPUT -j ufw-after-logging-input
-A INPUT -j ufw-reject-input
-A INPUT -j ufw-track-input
-A FORWARD -j ufw-before-logging-forward
-A FORWARD -j ufw-before-forward
-A FORWARD -j ufw-after-forward
-A FORWARD -j ufw-after-logging-forward
-A FORWARD -j ufw-reject-forward
-A FORWARD -j ufw-track-forward
-A OUTPUT -j ufw-before-logging-output
-A OUTPUT -j ufw-before-output
-A OUTPUT -j ufw-after-output
-A OUTPUT -j ufw-after-logging-output
-A OUTPUT -j ufw-reject-output
-A OUTPUT -j ufw-track-output
COMMIT
iptables-save > /etc/iptables/rules.v4
# Completed on Mon Mar 8 09:45:15 2021
10.2.1.11 is the IP of the external gateway interface (enp1s0). 192.168.0.1 is the IP of the internal gateway interface (enp6s0). 192.168.0.2 is the IP of the web server.
Update: I tried to reset the firewall and set it to accept every connection by default, but the problem persists. Could it be that once the firewall is enabled it has a higher priority than iptables and therefore the forwarding rules are ignored?
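A diagnostic added here, not part of the question or of ufw's own tooling, that models the setup above: it pulls the DNAT targets out of an iptables-save nat table and checks each against ufw's routed default and its route rules, because DNATed traffic traverses the FORWARD chain, which the "deny (routed)" default drops regardless of any "ALLOW IN" rule. The inputs are constructed samples patterned on the output quoted above; it is assumed that a `ufw route allow` rule shows up as an "ALLOW FWD" line in `ufw status verbose`.

```shell
#!/bin/sh
# Constructed samples modelled on the question's rules.v4 and ufw status output
# (not captures from that host). The "ALLOW FWD" line is assumed to be how a
# "ufw route allow proto tcp from any to 192.168.0.2 port 80" rule is listed.
NAT_DUMP='*nat
-A PREROUTING -d 10.2.1.11/21 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.2:80
-A PREROUTING -d 10.2.1.11/21 -i enp1s0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.0.2:443
-A POSTROUTING -o enp1s0 -j MASQUERADE
COMMIT'

UFW_STATUS='Status: active
Default: deny (incoming), allow (outgoing), deny (routed)
To                         Action      From
--                         ------      ----
80/tcp                     ALLOW IN    Anywhere
192.168.0.2 80/tcp         ALLOW FWD   Anywhere'

# Print "ip port" for each DNAT rule read on stdin.
dnat_targets() {
  sed -n 's/.*--to-destination \([0-9.]*\):\([0-9]*\).*/\1 \2/p'
}

# Print ufw's default policy for routed (forwarded) traffic: allow or deny.
routed_default() {
  awk '/^Default:/ { for (i = 1; i <= NF; i++) if ($i == "(routed)") print $(i - 1) }'
}

# Succeed when forwarded TCP traffic to ip:port passes ufw: either the routed
# default is allow, or a route rule ("ALLOW FWD") matches that host and port.
# "ALLOW IN" rules are irrelevant: DNATed packets never enter the INPUT chain.
fwd_allowed() {
  [ "$(printf '%s\n' "$UFW_STATUS" | routed_default)" = allow ] && return 0
  printf '%s\n' "$UFW_STATUS" | awk -v ip="$1" -v p="$2/tcp" \
    '$1 == ip && $2 == p && $3 == "ALLOW" && $4 == "FWD" { found = 1 } END { exit !found }'
}

# One line per DNAT target: OK if FORWARD lets it through, BLOCKED otherwise.
check_forwarding() {
  printf '%s\n' "$NAT_DUMP" | dnat_targets | while read -r ip port; do
    if fwd_allowed "$ip" "$port"; then
      echo "OK      $ip:$port"
    else
      echo "BLOCKED $ip:$port (fix: ufw route allow proto tcp from any to $ip port $port)"
    fi
  done
}

# Number of DNAT targets that ufw's FORWARD handling would drop.
blocked_count() {
  check_forwarding | awk '/^BLOCKED/ { n++ } END { print n + 0 }'
}

check_forwarding
```

Run against the real host by replacing the two sample variables with `iptables-save -t nat` and `ufw status verbose` output; a BLOCKED line means the port is DNATed but never allowed through FORWARD.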