Let's say you need to forward access to the DVR to its web interface.
Let's select the port to access the registrar 5000
i.e. we need to forward port 5000 on the 1st Mikrotik to the address of the second Mikrotik, on the second Mikrotik forward port 5000 to port 80 of the registrar.
Well, by analogy

so, purely, for reasons of beauty.
For a radio bridge - select a separate network, because you do not need a common one with LAN1, this will make it easier to steer the channels, and it will be easier to set up a second provider for users from the first apartment.
The admin port can be changed in IP Services.
About forwarding advice from Ruslan is more than useful (and easy to understand). Nat on the first Mikrotik leads to the fact that for the second Mikrotik this traffic is simply local.
And finally, if you do normal routing (rebuild networks and channels), you won’t need double nat, you will only need routes, on the first march - to the local networks of the second, on the second march - to the local networks of the first and default routes to each other with large weights (relative to the main - first - ISP and its default route).

The problem is this: when I open ports on Mikrotik 1 so that I can reach it from the outside, the brute force of the admin panel starts, as a result, the Internet drops

1. Change the web interface port to another - IP -> Services
2. Make a rule in the Firewall - add action=drop chain=input protocol=tcp dst-port=80
3. Create a new user with FULL rights and only then delete the admin user. Be careful, you can lose access to Mikrotik.
But these are all half measures. You have a system error, you don't have a Firewall at all.