Have you looked at using the Funnel feature in Tailscale, instead of port mapping? This gets external traffic onto your Tailscale network (for anyone who doesn’t have Tailscale) for specific resources, courtesy of Tailscale servers.
If you’re just going to open ports to the world, Tailscale isn’t really necessary (it’s useful for you and anyone on TS, since you can use the Serve feature to permit other Tailscale networks to have access to specific resources).
Lollerskater