Question : Cisco Rv042 -- how do forwarding rules and firewall access rules work together?  And PPTP

Two part question:

Cisco Rv042 -- how do forwarding rules and firewall access rules work together?  Example, if I forward all port 25/SMTP  traffic from the Internet to a LAN IP 192.168.0.123, then what if there is an access rule to thwart that?  In fact there is, the default rules block all traffic from the WAN to the LAN.  Yet it seems to work fine.. as though forwading trumps access rules -- as though access rules are for non-forwaded traffic.  The RV-042 user guide does not make this clear.

Also, I have those three default rules for the Firewall Access rules -- two of which are (1) all traffic on LAN i/f for from any source to any dest is allowed, (2) any WAN1 traffic from  any src to any dest is *DENIED".  I don't mention the third because WAN2 is not used.

So, do I really need to set up firewall access allow/deny rules if the forwarding refers to ports like 21, 443, 1723, etc., to be forwarded to their respective LAN servers (say 192.168.0.123 for all of them in this example).  Not sure.  That is, since that forwarding seems to trump the "any WAN1 traffic to the LAN is denied access rule, what would be the point of adding any additional access/deny rules?

Part 2: For PPTP, I port forward 1723 to 192.168.0.123 but I do not do this for GRE -- in fact, I don't mention GRE anywhere -- is the GRE port (47) needed in a forwarding rule?   If so, why does VPN'ing seem to work without any forwading for GRE port 47 and with the default access rule "deny all WAN to LAN"?

Answer : Cisco Rv042 -- how do forwarding rules and firewall access rules work together?  And PPTP

I have spoken to the guys would really have development this and they are the guys from Linksys.  the is before cisco and linksys became one.  There advise was alway leave the firewall as is, and just use the forwards as to not unintentially allow unwanted traffic to flow in.  This is why there VPN client doesn't need any extra port open to work.