iptables

How to open ports on Openwrt (web, rdp, torrentstream)?

Hello.
Colleagues, tell me how to open ports on openwrt for RDP, TorrentStream and Webserver?
What I have:
1. Asus RT-N13-U B1 router with OpenWrt BarrierBreaker 14.07
2. Beeline provider with dynamic external ip.
3.Dydns (no-ip.com) is configured on the router, ping to the registered host returns my external dynamic ip.
4. Raised upnp (port 5000)
What I want:
1. Access to one of the computers in the home network via RDP
2. Viewing TorrentTV in XBMC
3. Access to the router from the Internet
I registered in /etc/config/firewall, as it seemed to me, the correct rules, with forwarding ports 80 and 3389, and opening 80, 3389 and 8621, but nothing works. Config below. Help, please understand.
[email protected]:~# cat /etc/config/firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output ' ACCEPT'
option forward 'ACCEPT'
option network 'lan'
config zone
option name 'wan'
option output 'ACCEPT'
option masq '1'
option mtu_fix '1'
option network 'wan wan6 BeeLine'
option input 'REJECT'
option forward 'REJECT'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fe80::/10'
option src_port '547'
option dest_ip 'fe80::/10'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header -type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp'
option src_dport '80'
option dest_ip '192.168.1.1'
option dest_port '80'
option name 'Router_From_Inet'
config include 'miniupnpd'
option type 'script'
option path '/usr/share/miniupnpd/firewall.include'
option family 'any'
option reload '1'
config rule
option target 'ACCEPT'
option src 'wan'
option proto 'tcp udp'
option dest_port '8621'
option name 'TorrentSteam'
option dest 'lan'
config rule
option target 'ACCEPT'
option src 'wan'
option proto 'tcp'
option dest_port '80'
option name 'RouterInet'
config rule
option enabled '1'
option target 'ACCEPT'
option src 'wan'
option proto 'tcp udp'
option dest_port '3389'
option name 'RDP'
option dest_ip '192.168.1.224'
option dest 'lan'
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp'
option src_dport '3389'
option dest_ip '192.168.1.224'
option dest_port '3389 '
option name 'RDP'