Reference Manual for the ADSL Modem Router DG834 v3
NETGEAR, Inc.
4500 Great America Parkway
Santa Clara, CA 95054 USA
202-10153-01 October 2006
© 2006 by NETGEAR, Inc. All rights reserved.
Trademarks
NETGEAR is a trademark of Netgear, Inc.
Microsoft, Windows, and Windows NT are registered trademarks of Microsoft Corporation.
Other brand and product names are registered trademarks or trademarks of their respective holders.
Statement of Conditions
In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice.
NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.
Federal Communications Commission (FCC) Compliance Notice: Radio Frequency Notice
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to
part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:
•Reorient or relocate the receiving antenna.
•Increase the separation between the equipment and receiver.
•Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
•Consult the dealer or an experienced radio/TV technician for help.
Federal Communications Commission (FCC) Radiation Exposure Statement
This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment. In order to avoid the possibility of exceeding the FCC radio frequency exposure limits, human proximity to the antenna shall not be less than 20 cm (8 inches) during normal operation.
ii
v1.1, October 2006
European Union Statement of Compliance
Hereby, NETGEAR, Inc. declares that this modem router is in compliance with the essential requirements and other relevant provisions of Directive 1999/5/EC.
|
Èesky |
NETGEAR, Inc. tímto prohlašuje, že tento DG834 ADSL Modem Router je ve shodì se |
|
[Czech] |
základními požadavky a dalšími pøíslušnými ustanoveními smìrnice 1999/5/ES. |
|
|
|
|
Dansk |
Undertegnede NETGEAR, Inc. erklærer herved, at følgende udstyr DG834 ADSL |
|
[Danish] |
Modem Router overholder de væsentlige krav og øvrige relevante krav i direktiv 1999/5/ |
|
|
EF. |
|
|
|
|
Deutsch |
Hiermit erklärt NETGEAR, Inc., dass sich das Gerät DG834 ADSL Modem Router in |
|
[German] |
Übereinstimmung mit den grundlegenden Anforderungen und den übrigen einschlägigen |
|
|
Bestimmungen der Richtlinie 1999/5/EG befindet. |
|
|
|
|
Eesti |
Käesolevaga kinnitab NETGEAR, Inc. seadme DG834 ADSL Modem Router vastavust |
|
[Estonian] |
direktiivi 1999/5/EÜ põhinõuetele ja nimetatud direktiivist tulenevatele teistele |
|
|
asjakohastele sätetele. |
|
|
|
|
English |
Hereby, NETGEAR, Inc., declares that this DG834 ADSL Modem Router is in |
|
|
compliance with the essential requirements and other relevant provisions of Directive |
|
|
1999/5/EC. |
|
|
|
|
Español |
Por medio de la presente NETGEAR, Inc. declara que el DG834 ADSL Modem Router |
|
[Spanish] |
cumple con los requisitos esenciales y cualesquiera otras disposiciones aplicables o |
|
|
exigibles de la Directiva 1999/5/CE. |
|
|
|
|
Ελληνική |
ΜΕ ΤΗΝ ΠΑΡΟΥΣΑ NETGEAR, Inc. ΔΗΛΩΝΕΙ ΟΤΙ DG834 ADSL Modem Router |
|
[Greek] |
ΣΥΜΜΟΡΦΩΝΕΤΑΙ ΠΡΟΣ ΤΙΣ ΟΥΣΙΩΔΕΙΣ ΑΠΑΙΤΗΣΕΙΣ ΚΑΙ ΤΙΣ ΛΟΙΠΕΣ ΣΧΕΤΙΚΕΣ |
|
|
ΔΙΑΤΑΞΕΙΣ ΤΗΣ ΟΔΗΓΙΑΣ 1999/5/ΕΚ. |
|
|
|
|
Français |
Par la présente NETGEAR, Inc. déclare que l'appareil DG834 ADSL Modem Router est |
|
[French] |
conforme aux exigences essentielles et aux autres dispositions pertinentes de la directive |
|
|
1999/5/CE. |
|
|
|
|
Italiano |
Con la presente NETGEAR, Inc. dichiara che questo DG834 ADSL Modem Router è |
|
[Italian] |
conforme ai requisiti essenziali ed alle altre disposizioni pertinenti stabilite dalla direttiva |
|
|
1999/5/CE. |
|
|
|
|
Latviski |
Ar šo NETGEAR, Inc. deklarç, ka DG834 ADSL Modem Router atbilst Direktîvas 1999/ |
|
[Latvian] |
5/EK bûtiskajâm prasîbâm un citiem ar to saistîtajiem noteikumiem. |
|
|
|
|
Lietuviø |
Šiuo NETGEAR, Inc. deklaruoja, kad šis DG834 ADSL Modem Router atitinka esminius |
|
[Lithuanian] |
reikalavimus ir kitas 1999/5/EB Direktyvos nuostatas. |
|
|
|
|
Nederlands |
Hierbij verklaart NETGEAR, Inc. dat het toestel DG834 ADSL Modem Router in |
|
[Dutch] |
overeenstemming is met de essentiële eisen en de andere relevante bepalingen van |
|
|
richtlijn 1999/5/EG. |
|
|
|
|
|
|
|
|
iii |
v1.1, October 2006
Malti |
Hawnhekk, NETGEAR, Inc., jiddikjara li dan DG834 ADSL Modem Router jikkonforma |
[Maltese] |
mal-tiijiet essenzjali u ma provvedimenti orajn relevanti li hemm fid-Dirrettiva 1999/5/EC. |
|
|
Magyar |
Alulírott, NETGEAR, Inc. nyilatkozom, hogy a DG834 ADSL Modem Router megfelel a |
[Hungarian] |
vonatkozó alapvetõ követelményeknek és az 1999/5/EC irányelv egyéb elõírásainak. |
|
|
Polski |
Niniejszym NETGEAR, Inc. oœwiadcza, ¿e DG834 ADSL Modem Router jest zgodny z |
[Polish] |
zasadniczymi wymogami oraz pozosta³ymi stosownymi postanowieniami Dyrektywy |
|
1999/5/EC. |
|
|
Português |
NETGEAR, Inc. declara que este DG834 ADSL Modem Router está conforme com os |
[Portuguese] |
requisitos essenciais e outras disposições da Directiva 1999/5/CE. |
|
|
Slovensko |
NETGEAR, Inc. izjavlja, da je ta DG834 ADSL Modem Router v skladu z bistvenimi |
[Slovenian] |
zahtevami in ostalimi relevantnimi doloèili direktive 1999/5/ES. |
|
|
Slovensky |
NETGEAR, Inc. týmto vyhlasuje, že DG834 ADSL Modem Router spåòa základné |
[Slovak] |
požiadavky a všetky príslušné ustanovenia Smernice 1999/5/ES. |
|
|
Suomi |
NETGEAR, Inc. vakuuttaa täten että DG834 ADSL Modem Router tyyppinen laite on |
[Finnish] |
direktiivin 1999/5/EY oleellisten vaatimusten ja sitä koskevien direktiivin muiden ehtojen |
|
mukainen. |
|
|
Svenska |
Härmed intygar NETGEAR, Inc. att denna [utrustningstyp] står I överensstämmelse med |
[Swedish] |
de väsentliga egenskapskrav och övriga relevanta bestämmelser som framgår av direktiv |
|
1999/5/EG. |
|
|
A printed copy of the EU Declaration of Conformity certificate for this product is provided in the DG834 v3 product package.
Bestätigung des Herstellers/Importeurs
Es wird hiermit bestätigt, daß das DG834 ADSL Modem Router gemäß der im BMPT-AmtsblVfg 243/1991 und Vfg 46/ 1992 aufgeführten Bestimmungen entstört ist. Das vorschriftsmäßige Betreiben einiger Geräte (z.B. Testsender) kann jedoch gewissen Beschränkungen unterliegen. Lesen Sie dazu bitte die Anmerkungen in der Betriebsanleitung.
Das Bundesamt für Zulassungen in der Telekommunikation wurde davon unterrichtet, daß dieses Gerät auf den Markt gebracht wurde und es ist berechtigt, die Serie auf die Erfüllung der Vorschriften hin zu überprüfen.
Certificate of the Manufacturer/Importer
It is hereby certified that the DG834 ADSL Modem Router has been suppressed in accordance with the conditions set out in the BMPT-AmtsblVfg 243/1991 and Vfg 46/1992. The operation of some equipment (for example, test transmitters) in accordance with the regulations may, however, be subject to certain restrictions. Please refer to the notes in the operating instructions.
Federal Office for Telecommunications Approvals has been notified of the placing of this equipment on the market and has been granted the right to test the series for compliance with the regulations.
iv
v1.1, October 2006
Voluntary Control Council for Interference (VCCI) Statement
This equipment is in the second category (information equipment to be used in a residential area or an adjacent area thereto) and conforms to the standards set by the Voluntary Control Council for Interference by Data Processing Equipment and Electronic Office Machines aimed at preventing radio interference in such residential areas.
When used near a radio or TV receiver, it may become the cause of radio interference. Read instructions for correct handling.
WProduct and Publication Details
Model Number: |
DG834 v3 |
Publication Date: |
October 2006 |
Product Family: |
Modem Router |
Product Name: |
DG834 ADSL Modem Router |
Home or Business Product: |
Home |
Language: |
English |
Publication Part Number: |
202-10153-01 |
Change History
Version |
Date Published |
Change Description |
|
|
|
1.0 |
January 2006 |
Original publication |
1.1October 2006 Removed NETBIOS feature.
v
v1.1, October 2006
vi
v1.1, October 2006
Contents
Reference Manual for the ADSL Modem Router DG834 v3
Chapter 1
About This Manual
Audience, Scope, Conventions, and Formats ................................................................ |
1-1 |
How to Print this Manual ................................................................................................. |
1-2 |
Chapter 2 |
|
Introduction |
|
About the Modem Router ............................................................................................... |
2-1 |
Key Features .................................................................................................................. |
2-2 |
A Powerful, True Firewall ......................................................................................... |
2-2 |
Easy Installation and Management .......................................................................... |
2-3 |
Protocol Support ...................................................................................................... |
2-3 |
Virtual Private Networking (VPN) ............................................................................. |
2-5 |
Auto Sensing and Auto Uplink™ LAN Ethernet Connections .................................. |
2-5 |
Content Filtering ....................................................................................................... |
2-5 |
Trend Micro Home Network Security ....................................................................... |
2-5 |
What’s in the Box? .......................................................................................................... |
2-6 |
The Modem Router’s Front Panel ............................................................................ |
2-7 |
The Router’s Rear Panel ......................................................................................... |
2-8 |
Connecting the Router to the Internet ............................................................................ |
2-9 |
Chapter 3 |
|
Protecting Your Network |
|
Protecting Access to Your DG834 ADSL Modem Router ............................................... |
3-1 |
How to Change the Built-In Password ..................................................................... |
3-1 |
Changing the Administrator Login Timeout .............................................................. |
3-2 |
Configuring Basic Firewall Services ............................................................................... |
3-3 |
Blocking Keywords, Sites, and Services .................................................................. |
3-3 |
How to Block Keywords and Sites ........................................................................... |
3-3 |
vii
v1.1, October 2006
Firewall Rules ................................................................................................................. |
3-5 |
Inbound Rules (Port Forwarding) ............................................................................. |
3-6 |
Outbound Rules (Service Blocking) ......................................................................... |
3-9 |
Order of Precedence for Rules .............................................................................. |
3-11 |
Services ........................................................................................................................ |
3-12 |
How to Define Services .......................................................................................... |
3-12 |
Setting Times and Scheduling Firewall Services .......................................................... |
3-13 |
How to Set Your Time Zone ................................................................................... |
3-13 |
How to Schedule Firewall Services ........................................................................ |
3-15 |
Trend Micro Home Network Security ............................................................................ |
3-15 |
Security Service Settings ....................................................................................... |
3-16 |
Parental Controls Settings ..................................................................................... |
3-18 |
Chapter 4 |
|
Managing Your Network |
|
Backing Up, Restoring, or Erasing Your Settings ........................................................... |
4-1 |
How to Back Up the Configuration to a File ............................................................. |
4-1 |
How to Restore the Configuration from a File .......................................................... |
4-2 |
How to Erase the Configuration ............................................................................... |
4-2 |
Upgrading the Modem Router’s Firmware ...................................................................... |
4-2 |
How to Upgrade the Modem Router Firmware ........................................................ |
4-3 |
Network Management Information ................................................................................. |
4-4 |
Viewing Modem Router Status and Usage Statistics ............................................... |
4-4 |
Viewing Attached Devices ........................................................................................ |
4-8 |
Viewing, Selecting, and Saving Logged Information ................................................ |
4-8 |
Examples of Log Messages ................................................................................... |
4-11 |
Enabling Security Event E-mail Notification ................................................................. |
4-12 |
Running Diagnostic Utilities and Rebooting the Modem Router ................................... |
4-13 |
Enabling Remote Management .................................................................................... |
4-14 |
Configuring Remote Management ......................................................................... |
4-15 |
Chapter 5 |
|
Advanced Configuration |
|
Configuring Advanced Security ...................................................................................... |
5-1 |
Setting Up A Default DMZ Server ............................................................................ |
5-2 |
Connect Automatically, as Required ........................................................................ |
5-3 |
Disable Port Scan and DOS Protection ................................................................... |
5-3 |
viii
v1.1, October 2006
Respond to Ping on Internet WAN Port ................................................................... |
5-4 |
MTU Size ................................................................................................................. |
5-4 |
Configuring LAN IP Settings ........................................................................................... |
5-4 |
DHCP ....................................................................................................................... |
5-6 |
How to Configure LAN TCP/IP Settings ................................................................... |
5-8 |
Configuring Dynamic DNS ....................................................................................... |
5-8 |
How to Configure Dynamic DNS .............................................................................. |
5-9 |
Using Static Routes ...................................................................................................... |
5-10 |
Static Route Example ............................................................................................. |
5-10 |
How to Configure Static Routes ............................................................................. |
5-11 |
Universal Plug and Play (UPnP) ................................................................................... |
5-13 |
Chapter 6 |
|
Virtual Private Networking (Advanced Feature) |
|
Overview of VPN Configuration ...................................................................................... |
6-1 |
Client-to-Gateway VPN Tunnels .............................................................................. |
6-2 |
Gateway-to-Gateway VPN Tunnels ......................................................................... |
6-2 |
Planning a VPN .............................................................................................................. |
6-3 |
VPN Tunnel Configuration .............................................................................................. |
6-5 |
How to Set Up a Client-to-Gateway VPN Configuration ................................................. |
6-6 |
Step 1: Configuring the Client-to-Gateway VPN Tunnel on the DG834 v3 .............. |
6-6 |
Step 2: Configuring the NETGEAR ProSafe VPN Client on the Remote PC ......... |
6-11 |
How to Set Up a Gateway-to-Gateway VPN Configuration .......................................... |
6-20 |
VPN Tunnel Control ...................................................................................................... |
6-27 |
Activating a VPN Tunnel ........................................................................................ |
6-27 |
Verifying the Status of a VPN Tunnel ..................................................................... |
6-30 |
Deactivating a VPN Tunnel .................................................................................... |
6-32 |
Deleting a VPN Tunnel ........................................................................................... |
6-34 |
How to Set Up VPN Tunnels in Special Circumstances ............................................... |
6-36 |
Using Auto Policy to Configure VPN Tunnels ........................................................ |
6-36 |
Using Manual Policy to Configure VPN Tunnels .................................................... |
6-46 |
Chapter 7 |
|
Troubleshooting |
|
Basic Functioning ........................................................................................................... |
7-1 |
Power LED Not On ................................................................................................... |
7-2 |
Test LED Never Turns On or Test LED Stays On ..................................................... |
7-2 |
ix
v1.1, October 2006
LAN or Internet Port LEDs Not On ........................................................................... |
7-2 |
Troubleshooting the Web Configuration Interface .......................................................... |
7-3 |
Troubleshooting the ISP Connection .............................................................................. |
7-4 |
ADSL link ................................................................................................................. |
7-4 |
Obtaining a WAN IP Address ................................................................................... |
7-5 |
Troubleshooting PPPoE or PPPoA .......................................................................... |
7-6 |
Troubleshooting Internet Browsing .......................................................................... |
7-7 |
Troubleshooting a TCP/IP Network Using the Ping Utility .............................................. |
7-7 |
Testing the LAN Path to Your Router ....................................................................... |
7-7 |
Testing the Path from Your Computer to a Remote Device ..................................... |
7-8 |
Restoring the Default Configuration and Password ........................................................ |
7-9 |
Using the Reset button ............................................................................................. |
7-9 |
Problems with Date and Time ....................................................................................... |
7-10 |
Appendix A |
|
Technical Specifications |
|
Appendix B |
|
NETGEAR VPN Configuration |
|
DG834 v3 to FVL328 ..................................................................................................... |
B-1 |
Configuration Profile ................................................................................................ |
B-1 |
Step-By-Step Configuration ..................................................................................... |
B-2 |
DG834 v3 with FQDN to FVL328 .................................................................................. |
B-6 |
Configuration Profile ................................................................................................ |
B-6 |
Step-By-Step Configuration ..................................................................................... |
B-8 |
Configuration Summary (Telecommuter Example) ...................................................... |
B-14 |
Setting Up the Client-to-Gateway VPN Configuration (Telecommuter Example) ........ |
B-15 |
Step 1: Configuring the Client-to-Gateway VPN Tunnel on the VPN Router at the |
|
Employer’s Main Office ......................................................................................... |
B-15 |
Step 2: Configuring the NETGEAR ProSafe VPN Client on the Remote PC at the |
|
Telecommuter’s Home Office ................................................................................ |
B-17 |
Monitoring the VPN Tunnel (Telecommuter Example) ................................................. |
B-27 |
Viewing the PC Client’s Connection Monitor and Log Viewer ............................... |
B-27 |
Viewing the VPN Router’s VPN Status and Log Information ................................ |
B-28 |
Appendix C |
|
Related Documents |
|
x
v1.1, October 2006
Chapter 1
About This Manual
This chapter describes the intended audience, scope, conventions, and formats of this manual.
Audience, Scope, Conventions, and Formats
This reference manual assumes that the reader has basic to intermediate computer and Internet skills. However, basic computer network, Internet, firewall, and VPN technologies tutorial information is provided in the Appendices and on the Netgear website.
This guide uses the following typographical conventions:
Table 1-1. Typographical Conventions
italics |
Emphasis, books, CDs, URL names |
|
|
bold |
User input |
|
|
fixed |
Screen text, file and server names, extensions, commands, IP addresses |
This guide uses the following formats to highlight special messages:
This manual is written for the DG834 ADSL Modem Router according to these specifications:
Note: This format is used to highlight information of importance or special interest.
Table 1-2. Manual Scope
Product Version |
DG834 ADSL Modem Router |
|
|
Manual Publication Date |
October 2006 |
|
|
Note: Product updates are available on the NETGEAR, Inc. Web site at
http://kbserver.netgear.com.
About This Manual |
1-1 |
v1.1, October 2006
Reference Manual for the ADSL Modem Router DG834 v3
How to Print this Manual
To print this manual you can choose one of the following several options, according to your needs.
•Printing a Page in the HTML View.
Each page in the HTML version of the manual is dedicated to a major topic. Use the Print button on the browser toolbar to print the page contents.
•Printing a Chapter.
Use the PDF of This Chapter link at the top left of any page.
Note: Your computer must have the free Adobe Acrobat reader installed in order to 
view and print PDF files. The Acrobat reader is available on the Adobe Web
site at http://www.adobe.com.
–Click the PDF of This Chapter link at the top right of any page in the chapter you want to print. The PDF version of the chapter you were viewing opens in a browser window.
–Click the print icon in the upper left of the window.
Tip: If your printer supports printing two pages on a single sheet of paper, you can save paper and printer ink by selecting this feature.
•Printing the Full Manual.
Use the Complete PDF Manual link at the top left of any page.
–Click the Complete PDF Manual link at the top left of any page in the manual. The PDF version of the complete manual opens in a browser window.
–Click the print icon in the upper left of the window.
Tip: If your printer supports printing two pages on a single sheet of paper, you can save paper and printer ink by selecting this feature.
1-2 |
About This Manual |
v1.1, October 2006
Chapter 2
Introduction
This chapter describes the features of the NETGEAR DG834 ADSL Modem Router. The DG834 ADSL Modem Router is a combination of a built-in ADSL modem, modem router, 4-port switch, and firewall which enables your entire network to safely share an Internet connection that otherwise would be used by a single computer.
Note: If you are unfamiliar with networking and routing, refer to “Internet Networking 
and TCP/IP Addressing:” in Appendix C to become more familiar with the terms
and procedures used in this manual.
About the Modem Router
The DG834 ADSL Modem Router provides continuous, high-speed 10/100 Ethernet access between your Ethernet devices. With minimum setup, you can install and use the modem router within minutes.
The DG834 ADSL Modem Router provides multiple Web content filtering options, plus e-mail alerts and logging. Parents and network administrators can establish restricted access policies based on time of day, Web site addresses, and address keywords. They can also share high-speed ADSL Internet access for up to 253 personal computers. The included firewall and Network Address Translation (NAT) features protect you from hackers.
The DG834 v3 also supports Trend Micro Home Network Security, a bundle of services that includes router-based Parental Controls and network-wide protection from viruses, Trojans, spyware, spam, and other Internet threats.
Introduction |
2-1 |
v1.1, October 2006
Reference Manual for the ADSL Modem Router DG834 v3
Key Features
The DG834 ADSL Modem Router provides the following features:
•A built-in ADSL modem
•A powerful, true firewall
•Easy, Web-based setup for installation and management
•Extensive Internet protocol support
•Trustworthy VPN Communications over the Internet
•VPN Wizard for easy VPN configuration
•Auto Sensing and Auto Uplink™ LAN Ethernet connections
•Content filtering
•Support for Trend Micro Home Network Security
These features are discussed below.
A Powerful, True Firewall
Unlike simple Internet sharing NAT routers, the DG834 v3 is a true firewall, using stateful packet inspection to defend against hacker attacks. Its firewall features include:
•Denial of Service (DoS) protection
Automatically detects and thwarts Denial of Service (DoS) attacks such as Ping of Death, SYN Flood, LAND Attack and IP Spoofing.
•Blocks unwanted traffic from the Internet to your LAN.
•Blocks access from your LAN to Internet locations or services that you specify as off-limits.
•Logs security incidents
The DG834 v3 will log security events such as blocked incoming traffic, port scans, attacks, and administrator logins. You can configure the modem router to email the log to you at specified intervals. You can also configure the modem router to send immediate alert messages to your email address or email pager whenever a significant event occurs.
2-2 |
Introduction |
v1.1, October 2006
Reference Manual for the ADSL Modem Router DG834 v3
Easy Installation and Management
You can install, configure, and operate the DG834 v3 within minutes after connecting it to the network. The following features simplify installation and management tasks:
•Browser-based management
Browser-based configuration allows you to easily configure your modem router from almost any type of personal computer, such as Windows, Macintosh, or Linux. A user-friendly Setup Wizard is provided and online help documentation is built into the browser-based Web Management Interface.
•Smart Wizard
A wizard built into the modem router automatically senses the type of Internet connection, asking you only for the information required for your type of ISP account.
•Remote management
The modem router allows you to log in to the Web management interface from a remote location via the Internet. For security, you can limit remote management access to a specified remote IP address or range of addresses, or you can choose a nonstandard port number.
•Diagnostic functions
The modem router incorporates built-in diagnostic functions such as Ping, DNS lookup, and remote reboot. These functions allow you to test Internet connectivity and reboot the modem router. You can use these diagnostic functions directly from the DG834 v3 when you are connected on the LAN or when you are connected over the Internet via the remote management function.
•Visual monitoring
The modem router’s front panel LEDs provide an easy way to monitor its status and activity.
•Flash erasable programmable read-only memory (EPROM) for firmware upgrades.
Protocol Support
The DG834 v3 supports Transmission Control Protocol/Internet Protocol (TCP/IP) and Routing Information Protocol (RIP). “Internet Networking and TCP/IP Addressing:” in Appendix C provides further information on TCP/IP.
•The Ability to Enable or Disable IP Address Sharing by NAT
The DG834 v3 allows several networked PCs to share an Internet account using only a single IP address, which may be statically or dynamically assigned by your Internet service provider (ISP). This technique, known as Network Address Translation (NAT), allows the use of an inexpensive single-user ISP account. This feature can also be turned off completely while using the DG834 v3 if you want to manage the IP address scheme yourself.
Introduction |
2-3 |
v1.1, October 2006
Reference Manual for the ADSL Modem Router DG834 v3
•Automatic Configuration of Attached PCs by DHCP
The DG834 v3 dynamically assigns network configuration information, including IP, modem router, and domain name server (DNS) addresses, to attached PCs on the LAN using the Dynamic Host Configuration Protocol (DHCP). This feature greatly simplifies configuration of PCs on your local network.
•DNS Proxy
When DHCP is enabled and no DNS addresses are specified, the modem router provides its own address as a DNS server to the attached PCs. The modem router obtains actual DNS addresses from the ISP during connection setup and forwards DNS requests from the LAN.
•Classical IP (RFC 1577)
Some Internet service providers, in Europe for example, use Classical IP in their ADSL services. In such cases, the modem router is able to use the Classical IP address from the ISP.
•PPP over Ethernet (PPPoE)
PPPover Ethernet is a protocol for connecting remote hosts to the Internet over an ADSL connection by simulating a dial-up connection. This feature eliminates the need to run a login program such as EnterNet or WinPOET on your computer.
•PPP over ATM (PPPoA)
PPPover ATM is a protocol for connecting remote hosts to the Internet over an ADSL connection by simulating an ATM connection.
•Dynamic DNS
Dynamic DNS services allow remote users to find your network using a domain name when your IP address is not permanently assigned. The modem router contains a client that can connect to many popular Dynamic DNS services to register your dynamic IP address.
•Universal Plug and Play (UPnP)
UPnP is a networking architecture that provides compatibility between networking technologies. UPnP compliant routers provide broadband users at home and small businesses with a seamless way to participate in online games, videoconferencing and other peer-to-peer services.
2-4 |
Introduction |
v1.1, October 2006
Reference Manual for the ADSL Modem Router DG834 v3
Virtual Private Networking (VPN)
The DG834 ADSL Modem Router provides a secure encrypted connection between your local area network (LAN) and remote networks or clients. It includes the following VPN features:
•Supports 5 VPN connections.
•Supports industry standard VPN protocols
The DG834 ADSL Modem Router supports standard Manual or IKE keying methods, standard MD5 and SHA-1 authentication methods, and standard DES and 3DES encryption methods. It is compatible with many other VPN products.
•Supports 3DES encryption for maximum security.
•VPN Wizard based on VPNC recommended settings.
Auto Sensing and Auto Uplink™ LAN Ethernet Connections
With its internal 4-port 10/100 switch, the DG834 v3 can connect to either a 10 Mbps standard Ethernet network or a 100 Mbps Fast Ethernet network. The local LAN ports are autosensing and capable of full-duplex or half-duplex operation.
The modem router incorporates Auto UplinkTM technology. Each local Ethernet port will automatically sense whether the Ethernet cable plugged into the port should have a ‘normal’ connection such as to a computer or an ‘uplink’ connection such as to a switch or hub. That port will then configure itself to the correct configuration. This feature also eliminates the need to worry about crossover cables, as Auto Uplink will accommodate either type of cable to make the right connection.
Content Filtering
With its content filtering feature, the DG834 v3 prevents objectionable content from reaching your PCs. The modem router allows you to control access to Internet content by screening for keywords within Web addresses. You can configure the modem router to log and report attempts to access objectionable Internet sites.
Trend Micro Home Network Security
This service bundle from Trend Micro has three components:
•Trend Micro dashboard
This component is free for unlimited use. From the dashboard you can:
—Scan your computer and entire network for security vulnerabilities
—View individual computer and network-wide security reports
Introduction |
2-5 |
v1.1, October 2006
Reference Manual for the ADSL Modem Router DG834 v3
—Detect and remove spyware
—View attempts to access content restricted by Parental Controls
—Purchase subscriptions for Parental Controls and Trend Micro Internet Security
•Trend Micro Internet Security
You can install this program on up to 10 computers and try it free for 60 days. Its features include:
—Real-time and scheduled scanning to remove viruses, Trojans, spyware, and other Internet threats
—Personal firewall
—Network intruder detection
—Anti-spam
•Router-based Parental Controls
This service restricts home network users from viewing inappropriate Web content. It is free for 60 days, and when you register your free trial of Trend Micro Internet Security, your free use of Parental Controls is automatically extended to one year.
For instructions on activating these services, refer to “Trend Micro Home Network Security” on page 3-15.
What’s in the Box?
The product package should contain the following items:
•DG834 ADSL Modem Router
•AC power adapter (varies by region)
•Category 5 (Cat 5) Ethernet cable
•Telephone cable with RJ-11 connector
•Microfilters (quantity and type vary by region)
•ADSL Modem Router Resource CD, including this guide
•A Printed Quick Installation Guide
•Warranty and Support Information Cards
•Two plastic feet that can be used to stand the DG834 ADSL Modem Router on end.
If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Keep the carton, including the original packing materials, in case you need to return the product for repair.
2-6 |
Introduction |
v1.1, October 2006
|
|
|
DG834 v3 |
1 |
2 |
3 |
4 |
|
|
|
on the |
Introduction |
|
|
2-7 |
|
|
|
v1.1, October 2006 |
Reference Manual for the ADSL Modem Router DG834 v3
The Router’s Rear Panel
The rear panel of the DG834 ADSL Modem Router (Figure 2-2) contains port connections.
2
4
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
3 |
|
|
||||
Figure 2-2
Viewed from left to right, the rear panel contains the following elements:
1.RJ-11 ADSL port for connecting the firewall to an ADSL line
2.Four Local Ethernet RJ-45 LAN ports for connecting the firewall to the local computers
3.Factory Default Reset push button
4.AC power adapter outlet
2-8 |
Introduction |
v1.1, October 2006
Reference Manual for the ADSL Modem Router DG834 v3
Connecting the Router to the Internet
To connect your DG834 ADSL Modem Router to the Internet, refer to the ADSL Modem Router Setup Manual on the ADSL Modem Router Resource CD or online as shown in the following table.
Table 2-1.
Language |
URL |
|
|
Dutch |
http://documentation.netgear.com/dg834/nld/208-10032-01/ |
|
|
English |
http://documentation.netgear.com/dg834/enu/208-10026-01/ |
|
|
French |
http://documentation.netgear.com/dg834/fra/208-10027-01/ |
|
|
German |
http://documentation.netgear.com/dg834/deu/208-10028-01/ |
|
|
Italian |
http://documentation.netgear.com/dg834/ita/208-10029-01/ |
|
|
Spanish |
http://documentation.netgear.com/dg834/esp/208-10030-01/ |
|
|
Swedish |
http://documentation.netgear.com/dg834/sve/208-10031-01/ |
|
|
Introduction |
2-9 |
v1.1, October 2006
Reference Manual for the ADSL Modem Router DG834 v3
2-10 |
Introduction |
v1.1, October 2006
Chapter 3
Protecting Your Network
This chapter describes how to use the basic firewall features of the DG834 ADSL Modem Router to protect your network. It also describes how to configure Trend Micro Home Network Security.
Protecting Access to Your DG834 ADSL Modem Router
For security reasons, the modem router has its own user name and password. Also, after a period of inactivity for a set length of time, the administrator login will automatically disconnect. When prompted, enter admin for the modem router User Name and password for the modem router Password. You can use procedures below to change the modem router's password and the amount of time for the administrator’s login timeout.
Note: The user name and password are not the same as any user name or password your may use to log in to your Internet connection.
NETGEAR recommends that you change this password to a more secure password. The ideal password should contain no dictionary words from any language, and should be a mixture of both upper and lower case letters, numbers, and symbols. Your password can be up to 30 characters.
How to Change the Built-In Password
1.Log in to the modem router at its default LAN address of http://192.168.0.1 with its default User Name of admin, default password of password, or using whatever Password and LAN address you have chosen for the modem router.
Figure 3-1
Protecting Your Network |
3-1 |
v1.1, October 2006
Reference Manual for the ADSL Modem Router DG834 v3
2.From the Main Menu of the browser interface, under the Maintenance heading, select Set Password to bring up the menu shown in Figure 3-2.
Figure 3-2
3.To change the password, first enter the old password, and then enter the new password twice.
4.Click Apply to save your changes.
Note: After changing the password, you will be required to log in again to continue 
the configuration. If you have backed up the modem router settings previously,
you should do a new backup so that the saved settings file includes the new password.
Changing the Administrator Login Timeout
For security, the administrator's login to the modem router configuration will timeout after a period of inactivity. To change the login timeout period:
1.In the Set Password menu, type a number in ‘Administrator login times out’ field. The suggested default value is 5 minutes.
2.Click Apply to save your changes or click Cancel to keep the current period.
3-2 |
Protecting Your Network |
v1.1, October 2006
Reference Manual for the ADSL Modem Router DG834 v3
Configuring Basic Firewall Services
Basic firewall services you can configure include access blocking and scheduling of firewall security. These topics are presented below.
Blocking Keywords, Sites, and Services
The modem router provides a variety of options for blocking Internet based content and communications services. With its content filtering feature, the DG834 ADSL Modem Router prevents objectionable content from reaching your PCs. The modem router allows you to control access to Internet content by screening for keywords within Web addresses. Key content filtering options include:
•Keyword blocking of HTTP traffic.
•Outbound Service Blocking limits access from your LAN to Internet locations or services that you specify as off-limits.
•Denial of Service (DoS) protection. Automatically detects and thwarts Denial of Service (DoS) attacks such as Ping of Death, SYN Flood, LAND Attack and IP Spoofing.
•Blocking unwanted traffic from the Internet to your LAN.
The section below explains how to configure your modem router to perform these functions.
How to Block Keywords and Sites
The DG834 ADSL Modem Router allows you to restrict access to Internet content based on functions such as Web addresses and Web address keywords.
1.Log in to the modem router at its default LAN address of http://192.168.0.1 with its default User Name of admin, default password of password, or using whatever Password and LAN address you have chosen for the modem router.
Protecting Your Network |
3-3 |
v1.1, October 2006
Reference Manual for the ADSL Modem Router DG834 v3
2. Select the Block Sites link of the Security menu.
Figure 3-3
3.To enable keyword blocking, select one of the following:
•Per Schedule—to turn on keyword blocking according to the settings on the Schedule page.
•Always—to turn on keyword blocking all of the time, independent of the Schedule page.
4.Enter a keyword or domain in the Keyword box, click Add Keyword, then click Apply. Some examples of Keyword application follow:
•If the keyword “XXX” is specified, the URL <http://www.badstuff.com/xxx.html> is blocked.
•If the keyword “.com” is specified, only Web sites with other domain suffixes (such as
.edu or .gov) can be viewed.
•Enter the keyword “.” to block all Internet browsing access.
Up to 32 entries are supported in the Keyword list.
5.To delete a keyword or domain, select it from the list, click Delete Keyword, then click Apply.
6.To specify a trusted user, enter that computer’s IP address in the Trusted IP Address box and click Apply.
3-4 |
Protecting Your Network |
v1.1, October 2006
Reference Manual for the ADSL Modem Router DG834 v3
You can specify one trusted user, which is a computer that will be exempt from blocking and logging. Since the trusted user will be identified by an IP address, you should configure that computer with a fixed IP address.
7. Click Apply to save your settings.
Note: The Block Sites feature is disabled when the Trend Micro Home Security feature is 
enabled. This is because the Trend security system has incorporates its own site-
blocking capability.
Firewall Rules
Firewall rules are used to block or allow specific traffic passing through from one side of the router to the other. Inbound rules (WAN to LAN) restrict access by outsiders to private resources, selectively allowing only specific outside users to access specific resources. Outbound rules (LAN to WAN) determine what outside resources local users can have access to.
A firewall has two default rules, one for inbound traffic and one for outbound. The default rules of the DG834 v3 are:
•Inbound: Block all access from outside except responses to requests from the LAN side.
•Outbound: Allow all access from the LAN side to the outside.
You can define additional rules that will specify exceptions to the default rules. By adding custom rules, you can block or allow access based on the service or application, source or destination IP addresses, and time of day. You can also choose to log traffic that matches or does not match the rule you have defined.
You can change the order of precedence of rules so that the rule that applies most often will take effect first. See “Order of Precedence for Rules” on page 3-11 for more details.
Protecting Your Network |
3-5 |
v1.1, October 2006
Reference Manual for the ADSL Modem Router DG834 v3
To access the rules configuration of the DG834 v3, click the Firewall Rules link on the main menu, then click Add for either an Outbound or Inbound Service.
Figure 3-4
•To edit an existing rule, select its button on the left side of the table and click Edit.
•To delete an existing rule, select its button on the left side of the table and click Delete.
•To move an existing rule to a different position in the table, select its button on the left side of the table and click Move. At the script prompt, enter the number of the desired new position and click OK.
Inbound Rules (Port Forwarding)
Because the DG834 v3 uses Network Address Translation (NAT), your network presents only one IP address to the Internet, and outside users cannot directly address any of your local computers. However, by defining an inbound rule you can make a local server (for example, a Web server or game server) visible and available to the Internet. The rule tells the modem router to direct inbound traffic for a particular service to one local server based on the destination port number. This is also known as port forwarding.
Note: Some residential broadband ISP accounts do not allow you to run any server 
processes (such as a Web or FTP server) from your location. Your ISP may
periodically check for servers and may suspend your account if it discovers any active services at your location. If you are unsure, refer to the Acceptable Use Policy of your ISP.
3-6 |
Protecting Your Network |
v1.1, October 2006
Reference Manual for the ADSL Modem Router DG834 v3
Remember that allowing inbound services opens holes in your firewall. Only enable those ports that are necessary for your network. Following are two application examples of inbound rules:
Inbound Rule Example: A Local Public Web Server
If you host a public Web server on your local network, you can define a rule to allow inbound Web (HTTP) requests from any outside IP address to the IP address of your Web server at any time of day. This rule is shown in Figure 3-5:
Figure 3-5
The parameters are:
•Service
From this list, select the application or service to be allowed or blocked. The list already displays many common services, but you are not limited to these choices. Use the Services menu to add any additional services or applications that do not already appear.
•Action
Choose how you want this type of traffic to be handled. You can block or allow always, or you can choose to block or allow according to the schedule you have defined in the Schedule menu.
•Send to LAN Server
Enter the IP address of the computer or server on your LAN which will receive the inbound traffic covered by this rule.
•WAN Users
These settings determine which packets are covered by the rule, based on their source (WAN) IP address. Select the desired option:
Protecting Your Network |
3-7 |
v1.1, October 2006
Reference Manual for the ADSL Modem Router DG834 v3
–Any — all IP addresses are covered by this rule.
–Address range — if this option is selected, you must enter the Start and Finish fields.
–Single address — enter the required address in the Start field.
•Log
You can select whether the traffic will be logged. The choices are:
–Never — no log entries will be made for this service.
–Always — any traffic for this service type will be logged.
–Match — traffic of this type which matches the parameters and action will be logged.
–Not match — traffic of this type which does not match the parameters and action will be logged.
Inbound Rule Example: Allowing Videoconferencing
If you want to allow incoming videoconferencing to be initiated from a restricted range of outside IP addresses, such as from a branch office, you can create an inbound rule. In the example shown in Figure 3-6, CU-SeeMe connections are allowed only from a specified range of external IP addresses. In this case, we have also specified logging of any incoming CU-SeeMe requests that do not match the allowed parameters.
Figure 3-6
3-8 |
Protecting Your Network |
v1.1, October 2006
Loading...