Firewall Rules Problem

Hello, I've got some problems configuring RouterOS now.
RouterOS 4.9 installed on VMware ESXi (my first attempt here :laughing: ).
Everything running fine in test environment.

Please look at attached picture for network detail.
diagram.png

  • Client PCs are connected via 100 Mbps LAN.
  • Before using the Internet, everyone must be authenticated at the Hotspot login page.
  • User accounts are maintained in Active Directory.
  • The RouterOS hotspot interface is set up to use RADIUS authentication.
  • SNARE software is installed on the Active Directory server to send the authentication log to Cisco MARS via UDP port 514.
  • After successful authentication, traffic is routed to transparent proxy servers.
  • The proxy server checks URLs against a whitelist database.
  • SNARE software is also installed on the proxy to send logs back to Cisco MARS.

Problem:

  1. Now SNARE traffic from Proxy → MARS is blocked by RouterOS.
    Could someone please guide me in configuring RouterOS to allow this traffic to get through?
    (I'm very, very new to Linux firewalls; I have only configured GUI-based firewalls before.) :frowning:

EDIT:
Well, I just couldn't wait and solved this problem by myself.
I was confused about the Mikrotik hotspot chains,
so I went through study materials from the internet to learn Linux firewall basics.
I added a filter rule with:

Action = Accept
Chain = Forward
Src. Address = 192.168.0.2
Dst. Address = 192.168.1.103
Protocol = udp
Dst. port = 514
In Interface = ether2
Out Interface = ether1

This is one-way traffic, so no backward rule is needed.
I moved this filter to the top, and it works just fine. :slight_smile:

Thanks in advance.
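The same rule entered from the RouterOS terminal instead of Winbox, as an added example that is not part of the original post or of MikroTik's documentation. Addresses, port and interface names are the ones given in the post; the comment string is made up for this example.

```routeros
# Added example: the accept rule from the post, entered on the RouterOS CLI.
# Addresses, port and interface names are the ones given in the post.
# place-before=0 puts the rule at the top of the filter list, which is the
# poster's "move this filter to top" step: it is then evaluated before the
# hotspot's dynamically added rules in the forward chain.
/ip firewall filter add chain=forward action=accept \
    src-address=192.168.0.2 dst-address=192.168.1.103 \
    protocol=udp dst-port=514 \
    in-interface=ether2 out-interface=ether1 \
    comment="SNARE syslog: proxy -> MARS" place-before=0

# Check that the rule is in place and that its packet/byte counters grow
# while the proxy sends log events. A counter that stays at 0 means the
# traffic is not reaching this rule (wrong chain, interface or position).
/ip firewall filter print stats where comment="SNARE syslog: proxy -> MARS"
```

The `print stats` line is the quick check for this kind of rule: if the SNARE events still do not arrive at MARS but the counters increase, the problem is past the router (the proxy's own host firewall or MARS itself); if the counters stay at zero, the rule is not matching and the chain, interfaces or rule order need another look.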

Glad we could help :slight_smile: