It's useless to fight here. Is there a clause in the contract according to which the provider is obliged to supply you with your equipment or give you administrative access to yours? No. Everybody's Free.
Do not use such a provider, send it to the forest, if possible. You can also try to find the "default admin" password for this piece of hardware and reconfigure it yourself, but the RTK may well monitor it remotely, detect changes, roll back and sue itself.

So it seems that Rostelecom has subscribers not for the nat provider? I’m sitting on domra until I clicked the “disable nat” checkbox in the LC. Port forwarding didn’t work at all, all ports were closed on the provider’s nat, and you only don’t forward these ports, as I understand it. And even more so, you also have static, here the wire does not exactly block anything. You most likely have a problem not with the provider but with your terminal. Provider trimming devices, I don’t recommend buying, everything is cut down and blocked there, and when you change the provider it won’t work with another one, look at Avito a lot of cool routers from dip, but for some reason nobody needs them. So change the terminal to something of your own. IMHO.

RT-GM-3 is a Chinese hat Try to change to something normal

Prologue.There are a lot of subscriber devices (routers, modems, etc.) on which, by default, even the most basic security settings are turned off. All these devices stick out with ports 80, 23, etc.; at the same time, on many devices, especially old ones, the details for entering the settings of the admin / admin type are set; you can also use access through the superadmin login (passwords for this login for many devices can be found on the network). I recall the old models of sagemcom routers, on which passwords were hardcoded in the js code of the web interface and which could be easily found using, for example, chrome devtools in the chrome browser.
All these "vulnerabilities" are exploited to access routers/modems through guessing passwords. Use "hacked" devices in different ways. For example, phishing attacks that replace dns addresses on routers.
So, somewhere in the bowels of Rostelecom, they decided to "secure" the routers of their subscribers from such attacks by filtering incoming connections to ports 80, 23 and some others.