Route between two subnets

Hi, I have a CCR1036-12G-4S as the main router running 6.48.6. We run three subnets and use vlan tagging to connect to half a dozen hAP wifi devices plus a media switch.
One subnet LAN (192.168.229.0/24) has a couple of servers (one linux and one windoze10) plus some hardwired office PC on it - they can use SMB to find and connect to the servers. These can connect at high speed to internet
another subnet WIFI (192.168.228.0/24) is used for wifi connections from around the campus = these can connect to the internet (throttled) but not to the server.
recently we have done an expansion to multiple video sources and audio desks etc to stream live video - these are on a new subnet Tech (192.168.230.0/24) and can get full speed access to internet, but no access to servers.
All working as expected.
Now we would like a few specialist PC in the Tech subnet to be able to find and connect to the server at 192.168.229.229.
I thus added a couple of raw filter rules as follows
/ip firewall raw print
0 ;;; Propresenter PC to server
chain=prerouting action=accept log=no log-prefix=“” protocol=tcp dst-address=192.168.229.229 dst-address-type=“”
src-address-list=server_access

1 ;;; Propresenter PC to server
chain=prerouting action=accept log=no log-prefix=“” protocol=tcp dst-address=192.168.229.222 dst-address-type=“”
src-address-list=server_access

2 ;;; server to propresenter PC
chain=prerouting action=accept log=no log-prefix=“” protocol=tcp src-address=192.168.229.229 dst-address-type=“”
dst-address-list=server_access

3 ;;; server to propresenter PC
chain=prerouting action=accept log=no log-prefix=“” protocol=tcp src-address=192.168.229.222 dst-address-type=“”
dst-address-list=server_access

ie. specific routing in for specified PC - server and return
Tests last night showed that they could no longer connect to the server - OS is some iOS from apple - since they have changed the PC IP to the new Tech subnet
Unfortunately I am half way around the world and unable to test or setup the PC directly and rely upon a local media tech person to test. I do all the changes to the router.
Am i on the right track using the raw firewall to let these PC through to the server.
It has been some years since I played with SMB and I am unsure if getting this across to another subnet via routing is even possible.
Any pointers appreciated.
TIA Rob.

A simple forward routing rule before any forward drop rule should be sufficient.

/ip firewall filter add action=accept chain=forward comment="" connection-state=new dst-address=192.168.229.229 src-address-list=server_access
/ip firewall filter add action=accept chain=forward comment="" connection-state=new src-address=192.168.229.229 dst-address-list=server_access

Why raw? People usually use regular IP firewall (see ^^^), advantage of which is that it’s stateful, so you just allow one direction and responses can be handled automatically. Raw can work too, but only in stateless way, so you have to open also other direction for responses, which also opens it for new connections. Of course it all works together, so whether your rules should work depends on other rules you have, even if different sections.

Ok, that makes sense, forgot that raw is stateless, probably not a good idea. So have loaded this and we’ll see if that nails it.
Thanks