The setup I have for my shop is a tiny computer with OpnSense with the LAN port connected to a 5-port switch. I have an old wifi router with OpenWRT installed put in switch mode for wifi access to that network (plus extra ethernet ports). I was thinking of looking into putting my cable modem/router into modem-only mode and using a different router like I have in my shop for the local network.<p>My question is this: If there were vulnerabilities in my modem/router firmware, does putting it in modem-only mode and using a separate router/switch mitigate them? Does it depend on the specific vulnerability?
This is why I'm disappointed that Apple stopped selling Airports. They're good quality, they do what they do well, they don't have tons of "features" to try to sell them, and they're supported for incredibly long periods of time. The last updates, issued in July, 2019, covered Airports going back to 2008.<p>I'm waiting for a company - <i>any</i> company - to start selling devices that don't have tons of gratuitous features which expand the security surface, that aren't deprecated within a year or two, and that don't tie us in to some "cloud" service or paid subscription.
I'm curious to know what the author's intent was trying to use OpenWRT with a web server. I've happily used OpenWRT in several instances and have had good results for the most part. I wonder if the author took the problem they encountered to the OpenWRT forums - lots of helpful people on there. Unfortunately, when I clicked on their link about using it on a Raspberry Pi 3, it just links back to the same article. I can confirm however that FreeBSD works well as on a Raspberry Pi in a router-on-a-stick configuration. Had similar success with OpenBSD on a BeagleBone too.