Another, but simple, port forward to client connected to VPN

DD-WRT Forum Index -> Advanced Networking
Author: randallrash (DD-WRT Novice; joined 13 Jun 2017; posts: 3)
Posted: Sat Jun 17, 2017 1:09
Post subject: Another, but simple, port forward to client connected to VPN
I have Kodi Media Center installed on an Nvidia Shield. I am using the OpenVPN client on the router to connect to a PureVPN account, and routing ONLY the IP of the Nvidia Shield through the VPN. Everything else on my network goes through the WAN/ISP.
But I need external access to the port that Kodi is using so that Kodi can receive JSON commands from Google Home via IFTTT to issue voice commands like "Watch next episode of Pawn Stars", etc.
So I basically need to port forward from the WAN to this single IP that is connected to the VPN. I have DISABLED port forwarding in the dd-wrt GUI (do I need to disable all GUI port forwarding or just the one to the VPN client?). I have studied and tried iptables examples from other threads and NATed and mangled packets and re-read everything @EIBGRAD has posted... so thankful for his contributions... but after 4 weeks I think I am missing a simple switch or command.
I am NOT using the Policy Based Routing GUI, as @EIBGRAD has stated that won't allow port forwarding.
If anyone would please help solve this puzzle, I would love to post whatever logs might help (iptables, firewall, etc.).
I am using a Netgear R7800 router with dd-wrt v3.0-r331980M (5-11-17). Also note that I DO NOT want to take the easy way and port forward "through" the VPN. I want to understand this so that I can manage any changes that are needed in the future.
I am using the firewall rules below, and bringing up the OpenVPN client and connecting to PureVPN. I have the commands below in "Additional Config", so this connects to the VPN with no traffic routed through it.
I can manually run the script below to route the Nvidia Shield (192.168.1.55) through the VPN.
--------------------------------
Additional Config:
reneg-sec 0
keepalive 10 120
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
route-nopull

Port 44444 is what I have selected to forward to Kodi.
I attempted (and would prefer) to use @EIBGRAD's "ddwrt-ovpn-split-basic.sh" script, as it would allow future modifications if things change, but have not succeeded.

Script to route the Nvidia Shield (192.168.1.55) through the VPN:
#!/bin/sh
set -x

# MASQUERADE: rewrite the source of everything leaving tun1 to the VPN address
iptables -I POSTROUTING -t nat -o tun1 -j MASQUERADE

# Set the default route for table 200 as over the VPN
ip route add default dev tun1 table 200

# Assign all outgoing connections from 192.168.1.55 to table 200 (so they go over the VPN).
# Note: "ip rule add" without a priority puts each new rule ahead of every rule
# added before it, so rules added here outrank rules added by an earlier script.
ip rule add from 192.168.1.55 table 200

# Assign all packets marked with 11 to table 200 (so they go over the VPN)
ip rule add fwmark 11 table 200

# Flush the cache
ip route flush cache

@EIBGRAD's script in the Firewall section (ddwrt-ovpn-pbr-to-wan):
#!/bin/sh
# http://www.dd-wrt.com/phpBB2/viewtopic.php?t=290036
(
set -x

TID="100"
FW_MARK="0x88"
NAS_IP="192.168.1.55"

# cleanup from prior execution (when applicable)
(
ip rule del fwmark $FW_MARK table $TID
# mirror the --sport 44444 mark rule added below; the 22 and 80 lines are
# left over from the template and delete nothing in this configuration
iptables -t mangle -D PREROUTING -p tcp -s $NAS_IP --sport 44444 \
-j MARK --set-mark $FW_MARK
iptables -t mangle -D PREROUTING -p tcp -s $NAS_IP --sport 22 \
-j MARK --set-mark $FW_MARK
iptables -t mangle -D PREROUTING -p tcp -s $NAS_IP --sport 80 \
-j MARK --set-mark $FW_MARK
# restore strict reverse path filtering
for i in /proc/sys/net/ipv4/conf/*/rp_filter; do
echo 1 > $i
done
ip route flush table $TID
ip route flush cache
sleep 3
) > /dev/null 2>&1

# add WAN as default gateway to alternate routing table
ip route add default via $(nvram get wan_gateway) table $TID

# force routing system to recognize our changes
ip route flush cache

# disable reverse path filtering: a packet arriving on the WAN for $NAS_IP
# fails the strict check when a policy rule routes that host's traffic over
# the VPN, because the reverse lookup resolves to tun1 instead of the WAN
for i in /proc/sys/net/ipv4/conf/*/rp_filter; do
echo 0 > $i
done

# mark packets from NAS service ports (these use WAN); mangle PREROUTING
# runs before the routing decision, so the mark is seen by the rule below
iptables -t mangle -I PREROUTING -p tcp -s $NAS_IP --sport 44444 \
-j MARK --set-mark $FW_MARK

# start split tunnel: marked replies are routed by table $TID, i.e. out the WAN
ip rule add fwmark $FW_MARK table $TID

) 2>&1 | logger -t "ovpn_split[$$]"
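A complete version of the setup the post is working toward, added here as an example; it is not code from the thread or from @EIBGRAD's scripts. It combines the three pieces in one script: a table whose default route is the VPN for everything the Shield sends, a table whose default route is the ISP for replies leaving Kodi's port, and the WAN port forward itself. Every `ip rule` gets an explicit priority. Without one, `ip rule add` places each new rule ahead of all rules added earlier, so a `from 192.168.1.55` rule added by a script run later outranks an earlier `fwmark` rule and the marked replies still leave through the VPN. Assumptions not stated on the page: the WAN interface name is read with `nvram get wan_iface` (fallback `eth0`), Kodi listens on port 44444 on the Shield, and the gateway 203.0.113.1 is a placeholder used only when `nvram` is unavailable. With DRY_RUN=1 (the default) the script prints the commands instead of running them.

```shell
#!/bin/sh
# Added example for the thread above, not code from the original post.
# Policy-routes one LAN host through the OpenVPN tunnel while a WAN port
# forward to that host keeps working: replies from the forwarded port are
# marked and routed out the ISP link, everything else from the host goes
# through the VPN.
#
# Assumptions (not from the page): WAN interface from "nvram get wan_iface"
# (fallback eth0), Kodi listening on $PORT on the host, placeholder gateway
# 203.0.113.1 when nvram is absent. DRY_RUN=1 (default) prints every
# command; DRY_RUN=0 executes them as root on the router.

NAS_IP="${NAS_IP:-192.168.1.55}"    # the Shield (from the post)
PORT="${PORT:-44444}"               # WAN port forwarded to Kodi (from the post)
VPN_IF="${VPN_IF:-tun1}"            # OpenVPN client interface (from the post)
FW_MARK="${FW_MARK:-0x88}"          # mark for replies that must use the WAN
VPN_TID=200                         # table whose default route is the VPN
WAN_TID=100                         # table whose default route is the ISP
DRY_RUN="${DRY_RUN:-1}"

# Router-specific values; the fallbacks only matter for a dry run off-router.
WAN_IF="${WAN_IF:-$(nvram get wan_iface 2>/dev/null || true)}"
: "${WAN_IF:=eth0}"
WAN_GW="${WAN_GW:-$(nvram get wan_gateway 2>/dev/null || true)}"
: "${WAN_GW:=203.0.113.1}"          # TEST-NET-3 placeholder, dry run only

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Remove anything a previous run left behind so the script is re-runnable.
cleanup() {
    run ip rule del fwmark "$FW_MARK" table "$WAN_TID" 2>/dev/null || true
    run ip rule del from "$NAS_IP" table "$VPN_TID" 2>/dev/null || true
    run ip route flush table "$WAN_TID" 2>/dev/null || true
    run ip route flush table "$VPN_TID" 2>/dev/null || true
    run iptables -t mangle -D PREROUTING -s "$NAS_IP" -p tcp --sport "$PORT" \
        -j MARK --set-mark "$FW_MARK" 2>/dev/null || true
    run iptables -t nat -D POSTROUTING -o "$VPN_IF" -s "$NAS_IP" -j MASQUERADE 2>/dev/null || true
    run iptables -t nat -D PREROUTING -i "$WAN_IF" -p tcp --dport "$PORT" \
        -j DNAT --to-destination "$NAS_IP:$PORT" 2>/dev/null || true
    run iptables -D FORWARD -i "$WAN_IF" -p tcp -d "$NAS_IP" --dport "$PORT" -j ACCEPT 2>/dev/null || true
}

setup_split_tunnel() {
    cleanup

    # Two alternate tables, each holding only a default route.
    run ip route add default dev "$VPN_IF" table "$VPN_TID"
    run ip route add default via "$WAN_GW" table "$WAN_TID"

    # Rules are evaluated in ascending priority. The fwmark rule must come
    # first: if the "from" rule won, marked replies would still use the VPN.
    run ip rule add fwmark "$FW_MARK" table "$WAN_TID" priority 100
    run ip rule add from "$NAS_IP" table "$VPN_TID" priority 200
    run ip route flush cache

    # Loose reverse-path filtering. A packet arriving on the WAN for $NAS_IP
    # fails the strict check because the reverse lookup for that host hits
    # the VPN table. Kernels without loose mode need 0 here instead.
    for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
        run sh -c "echo 2 > $f"
    done

    # Mark replies from the forwarded port before routing (mangle PREROUTING
    # runs before the route lookup), so they are routed by table $WAN_TID.
    run iptables -t mangle -I PREROUTING -s "$NAS_IP" -p tcp --sport "$PORT" \
        -j MARK --set-mark "$FW_MARK"

    # NAT: hide the host behind the VPN address on the way out, and forward
    # the WAN port to it on the way in. DNAT and FORWARD are limited to the
    # WAN interface so LAN-side traffic is not affected.
    run iptables -t nat -I POSTROUTING -o "$VPN_IF" -s "$NAS_IP" -j MASQUERADE
    run iptables -t nat -I PREROUTING -i "$WAN_IF" -p tcp --dport "$PORT" \
        -j DNAT --to-destination "$NAS_IP:$PORT"
    run iptables -I FORWARD -i "$WAN_IF" -p tcp -d "$NAS_IP" --dport "$PORT" -j ACCEPT
}

setup_split_tunnel
```

Run it once with the default DRY_RUN=1 to read the commands, then with DRY_RUN=0 from the Firewall script so it is reapplied on every boot. Two caveats a practitioner should weigh: matching on the source port means any connection the Shield itself opens from source port 44444 would also bypass the VPN (marking the inbound DNATed connection with CONNMARK and restoring the mark on replies is tighter), and forwarding Kodi's JSON-RPC port to the internet exposes it to anyone, so set a username and password on Kodi's web interface and, if IFTTT's source addresses are known, add `-s` to the DNAT and FORWARD rules.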