The deduplication ports probably relate to performing client side deduplication where the remote agent directly access the deduplictaion storage on the media server , Those ports would therefore not be needed if you are not configuring deduplicatioon or client side operations with deduplication.
I believe your other ports are correct, just be aware that name resolution may need to work in both directions (use hosts files if necessary) and if the router/firewall is not the default gateway for the subnet containing either the media server or your linux hosts then you may need static routes as well. Also you need to open 10000 plus the range you configure on your firewall , not just the range.
I assum this firewall is not also providing NAT as it is difficult to get the outbound NDMP traffic and the inbound RAWS adverting traffic both working if NAT is involved.