Looking at it simply, just port forward from your UniFi to your CCTV. When connecting to the CCTV, ensure that you use the IP address of UniFi.

You can use Firewall Masquerade to mark the connection to desired line, eg "Only WAN1". You need to use Address Lists for this.
Take a look at this script*, change [WAN2 INTERFACE] according to your setup:

/ip firewall mangle
add action=accept chain=prerouting disabled=no in-interface=pppoe-out1
add action=accept chain=prerouting disabled=no in-interface=[WAN2 INTERFACE]

add action=mark-connection chain=prerouting disabled=no dst-address-type=!local new-connection-mark=wan1_conn passthrough=yes per-connection-classifier=both-addresses:1/0 src-address-list="Only WAN1"
add action=mark-connection chain=prerouting disabled=no dst-address-type=!local new-connection-mark=wan2_conn passthrough=yes per-connection-classifier=both-addresses:1/0 src-address-list="Only WAN2"

add action=mark-routing chain=prerouting connection-mark=wan1_conn disabled=no new-routing-mark=to_wan1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=wan2_conn disabled=no new-routing-mark=to_wan2 passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=pppoe-out1
add action=masquerade chain=srcnat disabled=no out-interface=[WAN2 INTERFACE]

/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out1 routing-mark=to_wan1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=[WAN2 INTERFACE] routing-mark=to_wan2 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=[WAN2 INTERFACE] scope=30 target-scope=10

/ip firewall address-list
add address=192.168.18.1-192.168.18.10 list="Only WAN1"
add address=192.168.18.11-192.168.18.100 list="Only WAN2"
*For your reference only, not tested by me as my setup uses 3 pppoe connection, not 1 pppoe and 1 wan like yours.

I don't think so, since u specify which ip address uses which WAN.