Hi, guys.

I have the issue. Description:
In the office i have 2 routers (RB2011 and hAP ac^2). The first router (RB2011) has white IP from ISP. On it's boards, after NAT, set up DHCP for LAN(192.168.88.0). Wired and wireless networks united in this LAN.
The second router(hAP ac^2) connected to the first router via WAN-port and has IP address (192.168.88.5). Then it have NAT and another LAN (192.168.44.0) with DHCP on it. Wired and wireless networks united too.

I need to throw a port in the Internet for the single Hikvision IP camera. I must connect the camera to the second router via Wi-fi, but i know that it will not work through 2 NATs.

What you can advise to me? What can i do for solution this problem?

Thanks for your attention.

I would instead use CAPsMAN on one of the devices to control the APs on both devices and have a common WiFi coverage with multiple SSIDs in parallel from both APs, but to answer what you've asked, for two stacked NATs you need two stacked port forwards. On the 2011 you have to do a dst-nat from its WAN (public) address to the WAN address of the hAP ac² (in 192.168.88.0/24), and on the hAP ac² you have to make another dst-nat from its WAN address to the address of the camera (in 192.168.44.0/24). Examples to be modified as appropriate:

2011:
/ip firewall nat add action=dst-nat chain=dstnat in-interface=ether1 protocol=tcp port=30443 to-addresses=192.168.88.5 to-ports=30443

hAP ac²
/ip firewall nat add action=dst-nat chain=dstnat in-interface=ether1 protocol=tcp port=30443 to-addresses=192.168.44.camera to-ports=443

Depending on your existing filter rules, you may or may not add a filter rule saying action=accept chain=forward connection=nat-state=dstnat somewhere among the permissive exceptions.

Change your hAP ac^2 to bridge mode so you have only one internal network, unless you want to separate them for some other reason.