Hey,
To rule out firewall issues you can allow all traffic momentarily. That is, Accept in all fields where you have Reject. In this case, Input, Forward, and in the WAN→Reject area are all in Accept. On the other hand, I see issues in the routing table. I don't see the gateway for the internet output, here you see it.
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 wwan0
10.126.75.203 0.0.0.0 255.255.255.255 UH 0 0 0 wwan0
10.168.207.0 10.200.139.148 255.255.255.0 UG 0 0 0 tun_c_sconnect
10.200.128.192 10.200.139.148 255.255.255.240 UG 0 0 0 tun_c_sconnect
10.200.128.224 10.200.139.148 255.255.255.240 UG 0 0 0 tun_c_sconnect
10.200.136.0 10.200.139.148 255.255.255.0 UG 0 0 0 tun_c_sconnect
10.200.140.128 10.200.139.148 255.255.255.224 UG 0 0 0 tun_c_sconnect
10.200.140.160 10.200.139.148 255.255.255.224 UG 0 0 0 tun_c_sconnect
192.168.205.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan
I imagine that you go out to the internet through the WAN interface 10.126.75.203. You can modify the table with the command by ssh IP route add 0.0.0.0.0/0 via 10.126.75.203.