I just learned something today about NAT port forwarding. I had incorrectly assumed the settings under Firewall > Settings > Advanced would cause the corresponding WAN rule to be created. However, it gets created when you select "Add associated filter rule" option at the bottom of the NAT port forward rule. However, if you only have one WAN, you can also select "Pass". If you select "Pass", the corresponding WAN rule will not be displayed but the NAT port forward should still work properly.