@1R27cD5n  to use thevfirewall of the Hub one you would need to connect it to your network via its  WAN port. It would need the wan port configured for DHCP and  AFAIK that is not possible.

Thank you for your reply.

Not sure which way round the serviing of IP adresses needs to be - does the WAN port need to pick up an IP from the main networks router (ie the outgiong plusnet couter), or does it need to provide them to the subnets connected devices.

All subnet workstations and laptops are Cat 5 wired into a switch, all with fixed IPs, at present the Switch is connected to a firewall,which I want to replace. The WAN port would connect at this point.

The Firewall only operates between WAN and LAN. Therefore you need to connect the WAN port to your main network and either let it get an IP via DHCP or assign a static IP, in the subnet of the main network. The  LAN subnet then needs setting to be a different subnet to the main network so that it can ROUTE between LAn and WAN eg. 192.168.2.x if the main network is 192.168.1.x. Any devices connected to the new router either need fixed IP's in the new LAN subnet or cvan use the DHCP server ( if its left active ) to obtain IP's

However, I dont think the WAN on the Hub one can be configured for either a static IP or DHCP, only PPPoE is possible IIRC

If your old router will allow the WAN port to be configured then it should work

Yes, thanks agree, my subnet is configured with the IP's third octet being different to that of the main network.

I dont think the WAN on the Hub one can be configured for either a static IP or DHCP, only PPPoE is possible IIRC

I have setup an old BT Hub to act as a 'secondary access point' as per the thread below, and it works fine:

https://community.plus.net/t5/My-Router/Using-a-2nd-Plusnet-Hub1-as-a-Wireless-Access-point/td-p/138...

To set up the above, the IP address of the router is configured with a static IP (is that not the Static Address you state above that the Hub cannot be set to ? confused).
In the Fire Wall example I am trying to acheive, could you not setup the BT Hub to be one of the subnet IP's (ie 192.168.2.1) - and it pass connections out through itself to the main network, with the firewall element of ther router working as a firewall should ?

Does the BT Hub not have a 'WAN' port (and that can handle a number of protocols ?), presume the PPPoE is for the Broadband port ?

In the Fire Wall example I am trying to acheive, could you not setup the BT Hub to be one of the subnet IP's (ie 192.168.2.1) - and it pass connections out through itself to the main network, with the firewall element of ther router working as a firewall should ?

yes BUT it will only route addresses ( not in its subnet)  out through the WAN port. So the WAN port needs to be allocated an address in the main subnet. You need a router where the wan port can be configured for either dhcp or static ip and I don't think the bt hubs will allow that...

Am I right to suggest that the Red WAN Port is 'locked' to PPPoE, which is a modem type protocol, this port connects to the BT Openreach modem.

Can you put PPPoE into another box, that could then output TCP ?

I read some info on Open WRT and LEDE interface -
https://openwrt.ebilan.co.uk/viewtopic.php?f=7&t=266

About how to configure the Red Port for use with other services, but presume that would still only be for PPPoE.

Am I right to suggest that the Red WAN Port is 'locked' to PPPoE

AFAIK , using the standard Hub one firmware , there is no option to configure anything other than PPPoE on the WAN port.

I believe OPenwrt does allow the WAN port to be configured as DHCP, static or PPPoE. There are some guides out there that descibe how to get Openwrt on the Hub one but its not easy!!

Assuming OPenwrt does have the ability to set the WAN protocol ( you'd need to double check the documentation ) then you can pick up a HH5 or Hub one already flashed with Openwrt for less than £20 on ebay.

Can you put PPPoE into another box, that could then output TCP ?

In principle you could put a PPPoE server in between but its way too complicated, you'd be better off getting another router that does allow WAN port configuration.

Interesting, sounds like I am getting nearer to what I am looking to do, over the years I have ended up with a drawer full of BT, Vodaphone and Plusnet routers, seems daft to have them crushed with such a short life span, I am currently using a Linux Smoothwall Express box, but want something simpler - such as the firewall built into a router.

Guess I could start another thread and see what comes up, there is some Posts regarding OpenWRT.

Presume its not difficult to flash the routers memory.

I am right to think that the Red Port is as you would find in a Firewall - ie the outside port, then between that and the Yellow Ports sits the firewall (and other functions, PFwd, NATting ect) in the router.

Its more than a,simple reflash,  Boyle ' hh5 openwrt'

Tbh I'd stick with Smoothwall

I will look at the opensource router Firmwares and make a decision, I thought the Firewall in a BT or PN router would be as good if not better, it is a little box with firmware, not a big PC box (required to run SWE) - along with all the other parts that seem to go wrong, monitors, HDs, Video Cards, CD players (the latter two having failed in mine) etc - saying that I should learn if I can do a NW installation of the Smoothwall Express.

@1R27cD5n 

It doesn't solve your "use existing hardware" requirement but I have an old Drayek 2820 working in just the way you require at the moment (as a second firewall/NAT inside a domestic network).

You would probably pay a few pounds for one of these second hand on an auction site.