Why forward all "TCP" ports? According to
this, UDP 3658 is all you need.. additional ports are listed on that article, definitely a better idea to setup a
pf(4) ruleset... UPnP and DMZ are drastically insecure.
EDIT: Scroll down to "NAT Type 3" in that article, that's where the related information is.