If you need to be able to ssh to the router from the upstream (192.168.1.0/24) network... this is easy to accommodate. You can do this in a few ways, but fundamentally if your upstream network is trusted, you can simply set the "input" wan zone to accept. NEVER do this if your router is connected to an untrusted network such as the internet.
that's exactly what is expected in this configuration.
Is your problem now solved?
If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.