PfSense behind a BT Home Hub

grumpywhale

Apologies if this is a repeat, if so perhaps someone could link me to solution post. but.

I want to setup a pfSense behind a BT Home Hub, the home hub is just too unreliable and subject to crashing under load. So i want to replace DHCP NAT and Firewall by using a pfSense virtual machine.

Now i have set up the router fine, it can manage internal traffic and issue its own address pool, but its the external traffic back in i am strugling with.
The home hub cant be put in bridge mode as other posts suggest its not a option in this plastic domestic unit,

so far as i can tell i have a couple of options.

DMZ - turn off all port forwarding in the BT unit and DMZ the router. Hopefully passing all traffic to the pfsense machine. So nat is on but all traffic is passed to the pfsense to nat

Port forward to pfsense
Or could i use an ip on the hub, forward the ports to the pfsense router wan then use the pfsense to use a different internal address and nat to that, double nat but would it work.

Port forward using the BT hub
So use pf to issue IPs but use the hub to forward nat traffic, not even sure this is possible.

I really want to make the plastic bt thing do as little as is possible as asking it to DHCP, route, wifi, router in a machine that seems to be worth a fiver seems to keep crashing it. If i put more than 6 devices on it it strugles along then resets… but its only really for domestic light use so i cant blame it. i have a couple of server machines and several virtuals before anyone turns on a Firestick already...

Any help or advise would be appreciated.