@hayedid:
Sure, triple NAT may not be a perfect plan, but shouldn't it work?
It should, theoretically. Some services have a hard time with multiple layers of NAT but most stuff works fine. The fact that yours didn't implies one of your devices was doing something wrong almost certainly the Asus since switching that to AP mode fixed it. Handing out the wrong gateway, incorrect subnet mask, bad route, it could be many things. Running it in access point mode is much better though.
@hayedid:
I really need to be able to see and login to my modem and router. If they are in bridge mode, I lose that ability.
You can still access the Asus in access point mode. Often you can still access an upstream router in 'modem' or bridge mode by using an additional IP on the WAN. See:
https://doc.pfsense.org/index.php/Accessing_modem_from_inside_firewall
@hayedid:
Incidentally, I did turn 'Block Private Networks' off since my modem is not setup in bridge mode. Does this open me up to any additional hacking?
No. Everything from WAN is blocked by default anyway. That settings only serves as an additional block if you have a public IP on WAN. You should never see private IPs on the WAN in that situation so anything that arrives from a private address must be bogus and should be rejected even if you have port forwards set up.
Steve