I was trying to help my friend over remote desktop, I had no physical access to the device. I've worked with Linksys ATA's, but not with this Grandstream branded ATA...
From what my friend was reading to me from an instruction sheet provider, it said specifically to forward those ports to the VoIP ATA's LAN IP.
I told my friend to call back if she needs more help.
Well the one who wrote the instruction didn't know what he is talking about. Port forwarding should only be required if you want to receive direct IP calls not from your SIP server (freephoneline in that case). Most users don't need this. I would even say that most users don't want this since you can receive spam this way (although unlikely)
I checked the voip.ms configuration guide and there is nothing about port forwarding »wiki.voip.ms/article/Devices
When done correctly, really only servers needs to use port forwarding to allow in packets from clients. It is not like you are the VoIP provider or anything that requires someone's client to initiate services from your ATA.
This ass backward scheme with the port forwarding is there presumably that the person has no clue how to configure the NAT support correctly and relies on the forwarding itself to push the return packets from the server to the client.
Randomly exposing ports behind a firewall is asking for trouble from a security point of view.
Most softphones would at least be smart about NAT transversal or use a STUN server to figure out the WAN address.