A $30 surge suppressor will not prevent this from happening again. You can see the fakespot review, for what it's worth.
Even a nearby lightning strike will overcome surge protection.
As far as I know and have seen, eliminating the path for the conducted radiation is best, if not the only, way to prevent problems in the future.
Modern power supplies are usually of the switching variety and are not line frequency sensitive.
If it's an old-style analog power supply, a higher line frequency than the rating is OK. It may not be as efficient, but it will work. Using a lower line frequency than the rating will cause additional heating.
With a PC connected directly to the modem, can you access 192.168.40.1?
It does seem possible for the ISP to modify the admin IP address via the modem config file, but I have not seen it done. I also cannot come up with a way to find it (not enough coffee, yet), short of a packet capture with your PC directly attached to the modem and hoping the modem advertises its IP address once connected to the ISP.
It is possible that the UK ISP is blocking the port that you have forwarded, for some reason.
As for ping, have you allowed ping on your router, some do not answer ping on their WAN port, by default.
This ^^.
I was having similar problems with a TP-Link C9. Tested with iperf
PC->router->PC, wired
iperf indicated that the C9 topped out at 432 Mbps. Other than a static IP address on the WAN port, the C9 was in the default config.
I'm not sure where the .40. address is coming from. My Arris modem's admin page lives at 192.168.100.1. I don't need to do anything to my router to access it.
The router knows that it doesn't own a 192.168.100.x subnet and forwards that traffic 'toward' its default router, where the modem will reply. Not all modems use the .100. subnet. Arris and Motorola do.
In a typical (Arris/Motorola) config, if you watch the ethernet traffic while the modem is coming up and the router is DHCP'ing for its WAN address, you will see the WAN get 192.168.100.xx address until the modem negotiates with the ISP. The modem will then drop and restore link to the router forcing the router to do another DHCP request. The response to this second DHCP request receives the public IP address for the router's WAN port.
If you run wireshark on a PC connected to the modem while powered off, then power on the modem, you should see a gratuitous ARP advertising the modem's IP and MAC addresses. This will probably be the management IP address of the modem.
It may be easier to find a sorcerer that can turn the leaden WRT32X into enough gold to buy a pfSense firewall, an ethernet switch and a WiFi6e Access Point.
While the WRT32X does look like a capable xxWRT contender, the networking gods will raise the drawbridge on low latency and high throughput while your packets venture into the dark magical VPN world.
Presuming that you are not subscribed to more than about 500 Mbps, down, a DOCSIS 3.1 modem will not improve much.
If your current modem uses the Intel Puma 5, 6 and maybe 7 chipsets, then a new non-Intel modem may make a difference. If you are not having problems, then a DOCSIS 3.1 modem will probably not improve anything.
If your provider will soon support DOCSIS 4.0, I would wait.
I haven't done extensive testing, but the Eeros are OK APs when placed in bridge mode. However, that neuters most of the intended functionality and severely limits their configurations. They don't support PoE and don't support VLANs.
If you already have them, give them a try. If you are looking to buy them, I'd look at some other WiFi6 AP.
To keep it simple (don’t want to cut/terminate my own cable) I’m getting a female/female wall plate.
Does this mean that you want to use a patch cable behind the wall?
If so, make sure it's CMR (riser/between floors) or CM (not between floors) rated.
In all likelihood, the 'modem' is a router and each apartment is on a switch port routed through the ISP's router.
A firewall-only solution will protect the devices that you have connected to the ethernet port in your apartment. Juniper, Xophos, etc.
A firewall-only solution is not typical of consumer-grade equipment. If double-NATing is not a problem, your own router is the solution.