Depends... if you're coming from the outside (public internet) to your internal network, then you'll need to find a port or service forwarded through the router, to an internal machine, to attack, or find some way to get access through a host on the inside.  Malicious email / website to push code down, or deceive user into running some shellcode or something with a reverse shell, etc.  ARP redirection will only be applicable on the same network / subnet, not to fully bypass a router from the outside, in.

OK, again, if your router ports aren't being forwarded through (as I'd mentioned in my previous response) you won't be able to 'see into the internal network, behind the router,' via an nmap scan or the like.  All you can do is work with ports that DO get through (aren't being filtered) or you're going to have to try to be manipulative and accomplish some sort of client-side exploit, via webpage / email / whatever, and gain reverse shell access to a machine that IS behind the firewall.

Basically, if NO ports and services are being allowed past the router / firewall, then there ARE no exploits that'll gain you access (which seems to be the direction you're WANTING to go,) further than the public interface of the router or firewall, unless you gain access via a client-side exploit.  You could TRY to firewalk past the firewall / router (manipulate packets' time-to-live to try to enumerate hosts behind it,) but if all of the ports are being filtered AT the router, than you won't get any further via that method, either.

Your only other options would be if you somehow accessed any configured remote management on the router, or found some sort of exploit for said router, that gave you the ability to reconfigure it, etc.  But otherwise, that'd be correct.

Is there a way to guess what type of router it is nmap -A doesn't work since all ports are filtered. What steps could be taken to more or less enumerate the router itself instead of the computers behind?

Are you running some remote management service on the router, like telnet ot perhaps SNMP? Someone could connect to them and try to enumerate it.

You can also try using p0f , however, I'm not sure if it can detect type of router.

However, since you're using a NAT configuration, you aren't scanning any of your systems. Instead your nmap scan shows the result of router ports. Unless you're forwarding some port from your router to any of your system you shouldn't worry about someone compromising your system from the outside. There are, however, other methods to bypass your router. Someone could try a social engineering attack against you and try to take advantage of client side exploits to launch a reverse shell back to attacker or install a malware to get hold of your password and other data.

p0f works for remote systems too. It sniffs the packets coming from the remote host to your system and based on the header fields tries to discern the OS type.
However, I don't think it has signatures to detect router type.

Have you tried using fragmentation? Most of the firewalls now are not easily fooled by it but you can still try. Also, note that an attacker need not try to compromise your system from the outside.  He could gain access to your systems by other methods such as malwares and make a reverse connection (Netcat, anyone?) to him.  Or he could exploit a browser vulnerability and gain access through it. All these methods are used to bypass the firewalls.

Protection by firewall is a combination of properly configuring it and using good ACLs. Attackers test you ACL while trying to bypass your firewall. Also like I earlier pointed out, make sure that you don't use remote management like telnet on your router. Normally you don't need it for a home network.