Hi, I need a wired-only router with 1G Ethernet ports. It needs to have at least one port for "WAN" to connect to the ONT, and have NAT capability. It must also have at least three other ports that can be configured as switched ports for LAN connectivity. And the router needs to support DHCP and static mappings.
The reason is because I have two pfsense firewalls in a HA configuration, so I need three IP addresses on the WAN...the ONT only provides one IP address. Three switched LAN ports are required; one for each of the pfsense firewalls and one as a spare maintenance port. I could get away with one LAN port but I'll then need to get another switch which I want to avoid. All traffic hitting the wired router from the pfsense firewalls will only be traffic intended for the WAN so I don't see the wired router need be especially capable.
Also, I'm not particularly concerned with double-NATing (or even CG-NAT) as I will have a site-to-site OpenVPN connection from pfsense, with the server being on the Internet so no problems connecting to the home LAN.
Why do I have pfsense in a HA when only having one WAN connection? So I can play around and update one firewall without it taking down the Internet for the family. Also the LAN will consist of two switches in a resilient manner making use of RSTP so that I can lose one pfsense firewall and still have the LAN devices routed to the WAN. I'm looking at the Ubiquiti range now, thanks