Thanks. Ok, here is the fix:
Just make sure to forward port 9735 to the host running lightningd and add --ipaddr <your public ip> to the lightningd command line.
If necessary add rpcport=8332 to bitcoin.conf and reboot.
Yes
But as I said, I would recommend a setting up a DMZ instead as your node will see all incoming connections coming from your routers LAN IP address.
This is why you don't port forward Bitcoin node, as eventually your node automatically blacklists some node for spamming and then you can't get any inbound connections as it bans your router.