This is CG-NAT. It means you do not have a public IPv4 address and therefore you cannot reach your router directly over IPv4. If you have IPv6, you may be able to connect, but if not, game over (mostly).
You should ask your ISP if they can provide a public IP. Sometimes they can, other times they cannot, and of course it may be possible at an additoinal cost.
You can also setup a VPS and then basically make it a 'middleman' for the connection -- you could setup a VPN on the VPS, the router and your remote device would both connect to the VPS and the VPS would be responsible for routing between the two remote endpoints. This is obviously not nearly as simple, though.
Ultimately, that's up to you, and depends if you go the VPS route (which would then be mostly unrelated to this) vs a public IP from your ISP.
The traffic rule described in your first attempt (aside from the bit about it being disabled) is the correct method of opening a port.
Another thing to mention while we're on the topic...
If you're trying to access your router or your network remotely, VPN is the preferred method. You can easily make your router a VPN server (using protocols such as Wireguard or OpenVPN)... this improves the security posture of your situation by not allowing random connections from the internet to potentially brute-force the credentials for ssh (or the LuCI wb interface, which is not hardened for exposure to the internet). SSH is considered secure, but you will get a ton of bots attempting to attack (a very strong password, or better ssh keys) is a must.