I think @dkay is trying to make note that your WAN IP 192.168.91.123/21 is not a Public IP address. So it's probably a good idea to make sure you've made all firewall settings on any upstream Internet device too.
In general, it doesn't matter if it is a cable or DSL modem, or an ONT or something else... the real question is this: do you control the upstream connection to your router? Your WAN has an RFC1918 address (i.e. a "private" address that is not publicly routable). In order to forward ports, you must first forward them from the real public IP to your OpenWrt device's wan address (192.168.91.123). If you cannot make changes to the upstream network's configuration, you will be unable to open/forward any ports to devices behind your OpenWrt router.
To recap: For port forwarding to work, you must have a public IP on your wan (or if not, you must be able to have configuration access to the device that does have the public IP so that you can setup forwarding in 2 steps).
Therein lies the question. But we (the contributors) had no way to know that you didn't control that piece of equipment... that's why you were asked what (modem or other device) was upstream of your OpenWrt router. We've all learned together in this case that you have an upstream network that you cannot control and does not provide a public IP to your OpenWrt wan.
With all of that said, you've reached a dead end with the standard methods with IPv4.
If your upstream network provides you with a proper public IPv6 address (currently not configured on your OpenWrt device), you could use that instead of IPv4. Or, you could use a VPS or other VPN service that provides you with a public IP address that can be used in this way -- this is far more advanced in terms of the configuration process, though and often involves paying for this additional capability.
@K14M your provider needs to want to help you in order for you to be visible from internet. I assume the provider would not want to do this. Basically you will have to be master at tunneling to make this happen by yourself.
If you feel it's what you can accomplish, then the plan is to rent a VPS with public IP, run sshd on that VPS at port 443 tcp (pretend it's HTTPS), make a ssh tunnel to said VPS. While configuring tunnel you will use -R option of ssh to forward local port where your app listens to VPS's IP so anyone from internet who connects to the VPS would connect to your computer (by tunnel).
@K14M Rather than try to use fort forwarding through the two or more devices in order to access services on your network remotely, you should look into using a service such as Tailscale or Cloudflare Tunnel. These run an agent within you network which sets up a tunnel to an endpoint in the provider's network on which a reverse proxy runs, providing access to your local service on a public address, but with additional protections.