1. Enable ssh access on the WAN
Go to System->Administration. Under SSH Access, make sure "unspecified" is selected for Interface. This allows SSH access on both the LAN and WAN interfaces.
2. Now, open the appropriate port in your firewall. There are two ways to accomplish this. You can either add changes to /etc/firewall.user or /etc/config/firewall.
A. To use the first method, add the following lines to /etc/firewall.user. Note the example below specifies port 22 as the SSH port.
iptables -t nat -A prerouting_wan -p tcp --dport 22 -j ACCEPT
iptables -A input_wan -p tcp --dport 22 -j ACCEPT
B. To use the second method, add the following to /etc/config/firewall. Note the example below specifies port 22 as the SSH port.
option src wan
option dest_port 22
option target ACCEPT
option proto tcp