Proper port forwarding/firewall config for running server behind Surf SOHO

I am currently running an email server with ports 25, 80, 443, 465, 993. My Surf is also behind my service provider's modem. I have all necessary ports forwarded from the service provider modem to the Surf SOHO. It seems as though I have also properly configured my Surf port forwarding settings to forward all traffic from the WAN interface on the above-mentioned ports to the above-mentioned ports on my server address (which is connected to my Surf SOHO).

To make a simple example of my setup:
My Main router is
Surf SOHO is plugged into the main router, and has been assigned a DHCP address on its WAN.
The surf Soho Lan of course, is
The email server connected to the surf soho (behind the surf, behind the service provider router), has the static LAN address of

My problem is my firewall settings. To me, it seems as though when an email client tries to contact the server from its public IP address (my-public-ip), let's say port 25, it seems to get through the forwarded ports; however, after it enters port 25 from my public IP, it seems to obfuscate its port address after entering the Surf SOHO, before it hits my server. Since the incoming service enters on port 25, is forwarded to port 25 on the server, and has the firewall settings "WAN Connection=any, Protocol=TCP, Source = (my main router), single=port25, TO DESTINATION: single address=, on SINGLE PORT=25, ACTION=allow".

Would this setting open my firewall to any queries on port 25, and allow the forwarding that I have set up, through the firewall back into the same port of a different local IP address (my server's IP)? Isn't that essentially what is supposed to be happening here? Because, under this configuration, I cannot receive any emails or queries on port 25 from my server. HOWEVER, if I choose the Source settings "Any address, any port" and maintain the same settings for the destination address, my server seems to get email queries on port 25. So it seems that somewhere along the line, when the outside query enters on port 25, the Surf SOHO then redirects that entry port to some other port, before attempting to send it back into port 25 of my server? Is any of my understanding on this correct? If you are an expert, how would you properly set up port forwarding and your firewall for running an email server behind the Surf SOHO?

Any advice and help is appreciated!

I will help to explain this.

WAN connection = Any (That is fine)
Protocol = TCP
Source = Any (We may not know the public source IP address of email clients on the internet)
Port = Any (If the email client is behind a NAT router, source port 25 could be a random port if already in use)

Destination defines what should be allowed inbound. Restricting source IPs on the internet and/or ports really locks things down. The source IP of email clients is not your main router but instead public IP addresses on the internet.
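
The behaviour discussed in this thread, as an added example that is not part of either post and is not the Surf SOHO's own logic: a first-match rule evaluator using the rule fields named above, plus a loopback connection showing that a TCP client's source port is picked by its OS and differs from the destination port. The addresses are constructed documentation-range placeholders, and the default-deny fallback is an assumption.

```python
import socket
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    """Inbound rule with the fields named in the thread; None means "Any"."""
    src_ip: Optional[str]
    src_port: Optional[int]
    dst_ip: Optional[str]
    dst_port: Optional[int]
    action: str

def evaluate(rules, conn, default="deny"):
    """First matching rule wins; conn is (src_ip, src_port, dst_ip, dst_port)."""
    for r in rules:
        fields = (r.src_ip, r.src_port, r.dst_ip, r.dst_port)
        if all(want is None or want == got for want, got in zip(fields, conn)):
            return r.action
    return default  # assumption: unmatched inbound traffic is denied

def loopback_ports():
    """Open a real TCP connection on loopback; return (client_src_port, server_port)."""
    with socket.socket() as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)
        server_port = srv.getsockname()[1]
        with socket.create_connection(("127.0.0.1", server_port)):
            conn, peer = srv.accept()
            conn.close()
            return peer[1], server_port

# Constructed placeholder addresses, not the poster's real ones.
MAIN_ROUTER, MAIL_SERVER = "192.0.2.1", "198.51.100.10"
STRICT = [Rule(MAIN_ROUTER, 25, MAIL_SERVER, 25, "allow")]   # source = main router, port 25
SOURCE_ANY = [Rule(None, None, MAIL_SERVER, 25, "allow")]    # source = any address, any port

# Constructed inbound connections as seen after port forwarding.
INBOUND = [
    ("203.0.113.7", 49152, MAIL_SERVER, 25),   # SMTP from an internet host
    ("203.0.113.20", 53211, MAIL_SERVER, 25),  # SMTP from another host
    ("203.0.113.20", 53212, MAIL_SERVER, 22),  # not SMTP: destination port still filters
]

def verdicts(rules):
    return [evaluate(rules, c) for c in INBOUND]

if __name__ == "__main__":
    print("client source port, server port:", loopback_ports())
    print("source = main router:25 ->", verdicts(STRICT))
    print("source = any/any        ->", verdicts(SOURCE_ANY))
```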