You might want to try a derivative of my setup. Not tried it but cannot see why it will not work.
I too am double nat’d. However I route on my local network, and (for reasons) want double NAT to the Internet.
In system->advanced Settings, log into OpenWrt Luci, username root, same password as normal interface.
On network interface, goto firewall and select the NAT tab.
My rule is
You could try changing:
the source address to your Lan subnet, out of the box 192.168.8.0/24
the destination address to 0.0.0.0/0
In principal this should match all packets, and perform the ACCEPT No NAt, before we hit the default rule that nat’s the output.
You’ll need a static route for the router upstream of the Slate/AX. Anything on the same subnet as the Slate will need its own routing entry, otherwise you’l need to NAT it back via the upstream router.
You’ll also have to allow traffic to flow through the slate.
On the Traffic Rules, you’ll need to ad d a rule allowing traffic from the subnets in front of the Slate, to the subnets behind it, my rule for the NAT rule above above:
Again your source should be 0.0.0.0/0, and your destination the lan subnet(s), typically 192.168.8.0/24
You should probably write a rule blocking access to the router itself from the WAN. Place this above your no-nat rule, and below any rules you have that open ports on the router such as ssh, or web.
I think the GL-Inet firewall rules will be above by default for open ports.
Hope this helps, if you need more info let me know. At work tomorrow so might not be able to get back straight away.