I responded to you on twitter, but I figured a more detailed response here was due. Even though this is not a verizon FIOS problem, but an end user problem, I figured I'd help. The problem is NOT the Actiontec. With all due respect, the problem seems to be the user. 

Firstly, 443 is a https port. It is not blocked, and neither are any of the ports you mentioned on residential FIOS lines. This is a fact. If you claimed so on your complaint, your complaint to the BBU is incorrect and false. 

Secondly, disabling the firewall completely would fix this issue. If you go back to your original setup (which I wouldn't recommend, a dd-wrt handling the routing is probably better than the AT anyways), could you make sure you APPLIED the settings? I have a feeling user error is at hand here. 

All TCP packets should begin with a SYN. This is how connections are established. If your microcell is attempting TCP connections without SYN, it would cause these errors. Could you please post specifics of your microcell? What incoming ports does it need open? What protocols does it use? tcp/udp? Technical specs would prove useful in this situation.

If all else fails, hit me up on twitter and I'll guide you on how to disable the firewall on the AT manually to ensure it's not running. 

Also, some reading material on how tcp connections work & why you would get this error:

http://en.wikipedia.org/wiki/Transmission_Control_Protocol#Connection_establishment

I hope I've helped, if only a little bit! Good luck.

edit: Just reviewed the firewall logs again, & it seems as if the default policy is to block tcp packets that dont start with a SYN handshake? i'm not 100% sure if disabling the firewall would leave you vulnurable to syn flooding, but it seems good practice to have this kind of rule in place.

Also, placing your microcell in the DMZ will NOT bypass all router config as you mentioned on twitter. It simply forwards ports, at least on the AT. See: http://en.wikipedia.org/wiki/DMZ_(computing)#DMZ_host