This isn't a critical issue as there is a workaround, but we noticed that if you place a port forward into the router, it will place the port forward in the wanin list. Of course this doesn't listen to anything coming from the tunnel, so it gets dropped.
Of course the quick solution we found was to just do:
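# Rewrite the destination of TCP port 81 traffic to the internal host
iptables -t nat -A PREROUTING -p tcp --dport 81 -j DNAT --to-destination 192.168.2.99
# Allow the rewritten traffic through FORWARD (after DNAT the packet is addressed to 192.168.2.99)
iptables -A FORWARD -d 192.168.2.99 -p tcp --dport 81 -j ACCEPT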
If anyone has a better solution, that would be great. :)