Yes, that's one of the downsides of chaining routers. Now you're double NAT'd and behind two firewalls.
The crudest means to rectify the situation is to port forward on both the Thompson and TP-Link.
An alternative is to assign the WAN of the TP-Link a static IP from the Thompson (so it never changes) and place that IP in the DMZ of the Thompson. Now all traffic that would otherwise be blocked by the Thompson's firewall will be automatically redirected to the TP-Link's firewall, and thus you’ll only need to manage the TP-Link firewall from then on.
Of course, both the above assume you have those features available to you and that the ISP has not “locked down” the Thompson in some fashion to prevent it.
As I said before, the *best* way to solve this problem is to demote the Thompson to only being a modem (i.e., completely eliminating its routing capabilities, the double NAT, double firewall, etc.). But to do that, the Thompson must support “bridge mode”, and unfortunately I’m not familiar enough w/ that router to even know if it’s possible. Some modem+router devices support it, some don’t. But you might want to ask your ISP if it is possible. Perhaps he’s asked this routinely and even has instructions!
But if “bridge mode” is either not available or something you can’t address at the moment, you’re left to either manage both firewalls or redirect the Thompson firewall to your firewall via the Thompson DMZ.
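
The two workarounds described above (port forwarding on both routers, or placing the TP-Link's WAN address in the Thompson's DMZ) can be modelled to see where an unsolicited inbound connection ends up. This is an added example, not part of the original post; the IP addresses, ports and the `Router`/`trace` names are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Ranges that mean the inner router's WAN address sits behind another NAT
# (RFC 1918 private space plus the RFC 6598 carrier-grade NAT block).
NAT_RANGES = [ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

def is_double_nat(inner_wan_ip):
    """True if the inner router's WAN address is not publicly routable."""
    addr = ip_address(inner_wan_ip)
    return any(addr in net for net in NAT_RANGES)

class Router:
    def __init__(self, name, wan_ip, forwards=None, dmz_host=None):
        self.name = name
        self.wan_ip = wan_ip
        self.forwards = forwards or {}   # {wan_port: (lan_ip, lan_port)}
        self.dmz_host = dmz_host         # LAN host that receives all unmatched traffic

    def inbound(self, port):
        """Where an unsolicited inbound connection goes, or None if the firewall drops it."""
        if port in self.forwards:
            return self.forwards[port]
        if self.dmz_host:
            return (self.dmz_host, port)
        return None

def trace(outer, inner, port):
    """Follow a connection to the outer router's WAN port through both routers."""
    hop = outer.inbound(port)
    if hop is None:
        return f"dropped at {outer.name}"
    ip, inner_port = hop
    if ip != inner.wan_ip:
        return f"delivered to {ip}:{inner_port} on {outer.name} LAN"
    hop = inner.inbound(inner_port)
    if hop is None:
        return f"dropped at {inner.name}"
    return f"delivered to {hop[0]}:{hop[1]}"

if __name__ == "__main__":
    # Constructed sample network: TP-Link WAN is 192.168.1.2, server is 192.168.0.50.
    tplink = Router("TP-Link", "192.168.1.2", forwards={8080: ("192.168.0.50", 80)})
    both = Router("Thompson", "203.0.113.10", forwards={8080: ("192.168.1.2", 8080)})
    dmz = Router("Thompson", "203.0.113.10", dmz_host="192.168.1.2")
    print("double NAT:", is_double_nat(tplink.wan_ip))
    for label, outer in (("forward on both", both), ("DMZ", dmz)):
        for port in (8080, 22):
            print(f"{label:16} port {port}: {trace(outer, tplink, port)}")
```

In the DMZ case every port that the Thompson would have blocked now reaches the TP-Link's WAN side, so the TP-Link firewall is the only filter left in the path.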