Your ISOLATE_GUEST_VLAN_IN rule 20 looks fine. But your NAT setup isn't
You're using the portmap "wizard"
It only places dNAT rules on WAN interface, they only work for packets entering WAN interface.
But you want the same dNAT rules to be active on guest interfaces, so portmap wizard rules aren't usable.
Create dNAT rules instead, on WAN and both guest networks.
A single masquerade rule for outgoing traffic on switch0 is required. Filter on source IP 192.168.1.0/24 and forwarded ports