Can't connect to MQTT broker remotely via port forward

I have a hacked Sonoff on an external network which I need to connect to my MQTT broker on my emonpi on my internal network but I can’t get it to connect.

I’ve setup dyndns as I don’t have a static IP, as well as port forwarding to the emonpi IP on port 1883 but on the client I always get the error

02:21:14 MQTT: Connect FAILED to, rc -2. Retry in 10 seconds

I know the forwarding works as the sonoff will connect to a broker I have on another Pi if I redirect the forwarding.

I’ve gone through these steps to make sure its not an authentication issue

sudo nano /etc/mosquitto/mosquitto.conf
Set persistence false and add the lines:

allow_anonymous false
password_file /etc/mosquitto/passwd

Create a password file for MQTT user emonpi with:

sudo mosquitto_passwd -c /etc/mosquitto/passwd emonpi
Enter password emonpimqtt2016 (default)

I’ve also tried allowing anonymous but still no change.

I can only think there is some other security preventing the remote device connected but I don’t know enough about the config to be able to find it.

I should add that I can connect to the broker on the emonpi via my openhab installation on a different pi using the default credentials and also using MQTT.fx on my PC which is happy to connect with or without credentials.

Can anyone point me in the right direction?