Hello,
Can anyone please explain what “chain src-nat with action accept” does and what it is used for.
Thanks
The action=accept is used to exclude something from a specific rule. I used this recently. The example below excludes 192.168.0.2 from the redirect because it is a separate proxy server that you do not want going through the router’s transparent proxy. All other 192.168.0.x IPs will go through the router’s proxy. Edit: it is actually a dstnat, but the theory is the same.
/ip firewall nat
add chain=dstnat action=accept src-address=192.168.0.2 dst-port=80 protocol=tcp
add chain=dstnat action=redirect src-address=192.168.0.0/24 dst-port=80 to-ports=8080 protocol=tcp
You can actually do similar tricks in all of the nat and mangle chains. Very useful.
Thanks SurferTim,
Can you please explain the following configuration and what it does:
add chain=src-nat action=accept src-address=192.168.1.0/24 dst-address=192.168.2.0/24
add chain=src-nat action=accept src-address=192.168.2.0/24 dst-address=192.168.1.0/24
These are two subnets on two different interfaces on the same router.
Thanks
> can you please explain the following configuration and what it does
> add chain=src-nat action=accept src-address=192.168.1.0/24 dst-address=192.168.2.0/24
> add chain=src-nat action=accept src-address=192.168.2.0/24 dst-address=192.168.1.0/24
That keeps any srcnat rules from applying to those src and dst ip ranges. Normally the way I set up srcnats and masquerades, I don’t need those rules. However, if you have a rule like this, you would need that.
/ip firewall nat
add chain=srcnat action=masquerade
If you used an out-interface on that rule, you wouldn’t need the accept rules.
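To make the first-match behaviour behind both answers concrete, here is a small Python model (added here, not from the thread or from RouterOS) of how a NAT chain is walked: rules are checked top to bottom and the first match decides. It compares the posted accept-then-masquerade chain, a bare masquerade, and a masquerade restricted to a WAN interface; the interface names, the sample hosts and the 203.0.113.5 Internet address are constructed for the illustration.

```python
import ipaddress
from typing import Optional

# Constructed model of RouterOS NAT chain evaluation: the first rule whose
# matchers all fit the packet wins and its action ends the chain.

def _in(net: Optional[str], addr: str) -> bool:
    """A missing matcher (None) matches everything, like an omitted src-address."""
    return net is None or ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def evaluate(rules, pkt):
    """Return the action taken on pkt, or None when no rule matches
    (the packet leaves the chain untranslated)."""
    for r in rules:
        if (_in(r.get("src-address"), pkt["src"])
                and _in(r.get("dst-address"), pkt["dst"])
                and r.get("out-interface") in (None, pkt["out"])):
            return r["action"]
    return None

# The two accept rules from the thread, followed by the catch-all masquerade.
WITH_ACCEPT = [
    {"action": "accept", "src-address": "192.168.1.0/24", "dst-address": "192.168.2.0/24"},
    {"action": "accept", "src-address": "192.168.2.0/24", "dst-address": "192.168.1.0/24"},
    {"action": "masquerade"},
]
# The bare rule from the last answer, with no accept rules in front of it.
BARE_MASQUERADE = [{"action": "masquerade"}]
# The alternative the answer suggests: match on the WAN interface (assumed name ether1).
WAN_ONLY = [{"action": "masquerade", "out-interface": "ether1"}]

# Constructed packets: one between the two LAN subnets, one heading to the Internet.
LAN_TO_LAN = {"src": "192.168.1.10", "dst": "192.168.2.20", "out": "ether3"}
LAN_TO_INTERNET = {"src": "192.168.1.10", "dst": "203.0.113.5", "out": "ether1"}

def demo():
    """Action taken on (LAN->LAN, LAN->Internet) under each chain."""
    return {
        "with_accept": (evaluate(WITH_ACCEPT, LAN_TO_LAN), evaluate(WITH_ACCEPT, LAN_TO_INTERNET)),
        "bare": (evaluate(BARE_MASQUERADE, LAN_TO_LAN), evaluate(BARE_MASQUERADE, LAN_TO_INTERNET)),
        "wan_only": (evaluate(WAN_ONLY, LAN_TO_LAN), evaluate(WAN_ONLY, LAN_TO_INTERNET)),
    }

if __name__ == "__main__":
    for name, (lan, inet) in demo().items():
        print(f"{name:12} LAN->LAN: {lan}  LAN->Internet: {inet}")
```

The bare masquerade rewrites the source of LAN-to-LAN traffic as well, which is what the accept rules prevent; the out-interface variant never touches that traffic, so no accept rules are needed.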