For a while I have been planning to switch from an all-in-one wifi router to having separate devices because that way they can be upgraded piece by piece instead of having to replace the whole thing.

I am confused about the role of the firewall.

If I have a router running OpenWRT, does it have a firewall included? Either by default or by installing certain packages?

Or is it required to have a separate firewall running opnsense/pfsense?

If not required, what would be the benefits that would lean in favour of separate firewall?

use case: small home network 2-3 users. some internal self hosting and maybe one day external self hosting.

ETA: The best internet I could subscribe to where I’m at is 1024 Mbps down, 50 Mbps up. So don’t worry about wasting fibre speeds. :(

My assembled components so far are: router, WAPs, switches, ethernet cable and cable modem.

Thanks for any advice.

  • imaradio@lemmy.caOPEnglish
    1·
    11 months ago

    The best internet I could subscribe to where I’m at is 1024 Mbps down, 50 Mbps up. :(

    Sounds like I can just use the router then.

    • Ajen@sh.itjust.worksEnglish
      3·
      11 months ago

      1024Mbps = 1gbps

      That’s fast enough to hit the limit of most hardware people put openwrt on, but if you stick with standard firewall rules and don’t install anything else on the router you should be ok. The router might limit your download speed slightly, but you should still easily get 800+ mbps.

      • imaradio@lemmy.caOPEnglish
        1·
        11 months ago

        ok, ok, I don’t know how numbers work oops

        I doubt the WAN would provide the advertised top theoretical speed most of the time; I just don’t want to be running at like 10% of potential or something like that. If I were to do that I should at least get a cheaper plan.

        • Ajen@sh.itjust.worksEnglish
          1·
          11 months ago

          You might see a 10% performance hit with gigabit internet depending on what you enable in openwrt and how fast your hardware is. On the other hand I wouldn’t compare openwrt speed against the advertised speed. Test the actual speed you get by plugging your computer directly into your modem.

          • imaradio@lemmy.caOPEnglish
            1·
            11 months ago

            I mean I don’t want to take a 90% performance hit lol. I can def live with 10% hit.

            • Ajen@sh.itjust.worksEnglish
              2·
              11 months ago

              My bad. Yeah, you’ll be fine. On the other hand, if you want to spend hundreds/thousands of $$ on network and server hardware, that’s also an option ;)