NETGEAR DG834 V3 User Manual 2
Reference Manual for the
ADSL Modem Router
DG834 v3
NETGEAR, Inc.
4500 Great America Parkway
Santa Clara, CA 95054 USA
202-10153-01
October 2006
© 2006 by NETGEAR, Inc. All rights reserved.
Trademarks
NETGEAR is a trademark of Netgear, Inc.
Microsoft, Windows, and Wi ndow s NT are registered trademar ks of Microsoft Corporation.
Other brand and product names are registered trademarks or trademarks of their respective holders.
Statement of Conditions
In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to
make changes to the products described in this document without notice.
NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit
layout(s) described herein.
Federal Communications Commission (FCC) Compliance Notice: Radio Frequency Notice
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to
part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a
residential installation. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and
used in accordance with the instruct ions, may cause harmf ul interference to radio communications. However, there is no
guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to
radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try
to correct the interference by one or more of the following measures:
• Reorient or relocate the receiving antenna.
• Increase the separation between the equipment and receiver.
• Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
• Consult the dealer or an experienced radio/TV technician for help.
Federal Communications Commission (FCC) Radiation Exposure Statement
This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment. In order to avoid
the possibility of exceeding the FCC radio frequency exposure limits, human proximity to the antenna shall not be less
than 20 cm (8 inches) during normal operation.
ii
v1.1, October 2006
European Union Statement of Compliance
Hereby, NETGEAR, Inc. declares that this modem router is in compliance with the essential requirements and other
relevant provisions of Directive 1999/5/EC.
Èesky
[Czech]
Dansk
[Danish]
Deutsch
[German]
Eesti
[Estonian]
English
Español
[Spanish]
Ελληνική
[Greek]
Français
[French]
NETGEAR, Inc. tímto prohlašuje, že tento DG834 ADSL Modem Router je ve shodì se
základními požadavky a dalšími pøíslušnými ustanoveními smìrnice 1999/5/ES.
Undertegnede
Modem Router
EF.
Hiermit erklärt
Übereinstimmung mit den grundlegenden Anforderungen und den übrigen einschlägigen
Bestimmungen der Richtlinie 1999/5/EG befindet.
Käesolevaga kinnitab NETGEAR, Inc. seadme DG834 ADSL Modem Router vastavust
direktiivi 1999/5/EÜ põhinõuetele ja nimetatud direktiivist tulenevatele teistele
asjakohastele sätetele.
Hereby, NETGEAR, Inc., declares that this DG834 ADSL Modem Router is in
compliance with the essential requirements and other relevant provisions of Directive
1999/5/EC.
Por medio de la presente NETGEAR, Inc. declara que el DG834 ADSL Modem Router
cumple con los requisitos esenciales y cualesquiera otras disposiciones aplicables o
exigibles de la Directiva 1999/5/CE.
ΜΕ ΤΗΝ ΠΑΡΟΥΣΑ NETGEAR, Inc. ΔΗΛΩΝΕΙ ΟΤΙ DG834 ADSL Modem Router
ΣΥΜΜΟΡΦΩΝΕΤΑΙ ΠΡΟΣ ΤΙΣ ΟΥΣΙΩΔΕΙΣ ΑΠΑΙΤΗΣΕΙΣ ΚΑΙ ΤΙΣ ΛΟΙΠΕΣ ΣΧΕΤΙΚΕΣ
ΔΙΑΤΑΞΕΙΣ ΤΗΣ ΟΔΗΓΙΑΣ 1999/5/ΕΚ.
Par la présente NETGEAR, Inc. déclare que l'appareil DG834 ADSL Modem Router est
conforme aux exigences essentielles et aux autres dispositions pertinentes de la directive
1999/5/CE.
NETGEAR, Inc. erklærer herved, at følgende udstyr DG834 ADSL
overholder de væsentlige krav og øvrige relevante krav i direktiv 1999/5/
NETGEAR, Inc., dass sich das Gerät DG834 ADSL Modem Router in
Italiano
[Italian]
Latviski
[Latvian]
Lietuviø
[Lithuanian]
Nederlands
[Dutch]
Con la presente NETGEAR, Inc. dichiara che questo DG834 ADSL Modem Router è
conforme ai requisiti essenziali ed alle altre disposizioni pertinenti stabilite dalla direttiva
1999/5/CE.
Ar šo NETGEAR, Inc. deklarç, ka DG834 ADSL Modem Router atbilst Direktîvas 1999/
5/EK bûtiskajâm prasîbâm un citiem ar to saistîtajiem noteikumiem.
NETGEAR, Inc. deklaruoja, kad šis DG834 ADSL Modem Router atitinka esminius
Šiuo
reikalavimus ir kitas 1999/5/EB Direktyvos nuostatas.
Hierbij verklaart
overeenstemming is met de essentiële eisen en de andere relevante bepalingen van
richtlijn 1999/5/EG.
NETGEAR, Inc. dat het toestel DG834 ADSL Modem Router in
v1.1, October 2006
iii
Malti
[Maltese]
Hawnhekk,
mal-tiijiet essenzjali u ma provvedimenti orajn relevanti li hemm fid-Dirrettiva 1999/5/EC.
NETGEAR, Inc., jiddikjara li dan DG834 ADSL Modem Router jikkonforma
Magyar
[Hungarian]
Polski
[Polish]
Português
[Portuguese]
Slovensko
[Slovenian]
Slovensky
[Slovak]
Suomi
[Finnish]
Svenska
[Swedish]
Alulírott,
vonatkozó alapvetõ követelményeknek és az 1999/5/EC irányelv egyéb elõírásainak.
Niniejszym
zasadniczymi wymogami oraz pozosta³ymi stosownymi postanowieniami Dyrektywy
1999/5/EC.
NETGEAR, Inc. declara que este DG834 ADSL Modem Router está conforme com os
requisitos essenciais e outras disposições da Directiva 1999/5/CE.
NETGEAR, Inc. izjavlja, da je ta DG834 ADSL Modem Router v skladu z bistvenimi
zahtevami in ostalimi relevantnimi doloèili direktive 1999/5/ES.
NETGEAR, Inc. týmto vyhlasuje, že DG834 ADSL Modem Router spåòa základné
požiadavky a všetky príslušné ustanovenia Smernice 1999/5/ES.
NETGEAR, Inc. vakuuttaa täten että DG834 ADSL Modem Router tyyppinen laite on
direktiivin 1999/5/EY oleellisten vaatimusten ja sitä koskevien direktiivin muiden ehtojen
mukainen.
Härmed intygar NETGEAR, Inc. att denna [utrustningstyp] står I överensstämmelse med
de väsentliga egenskapskrav och övriga relevanta bestämmelser som framgår av direktiv
1999/5/EG.
NETGEAR, Inc. nyilatkozom, hogy a DG834 ADSL Modem Router megfelel a
NETGEAR, Inc. oœwiadcza, ¿e DG834 ADSL Modem Router jest zgodny z
A printed copy of the EU Declaration of Conformity certificate for this product is provided in the DG834 v3
product package.
Bestätigung des Herstellers/Importeurs
Es wird hiermit bestätigt, daß das DG834 ADSL Modem Router gemäß der im BMPT-AmtsblVfg 243/1991 und Vfg 46/
1992 aufgeführten Bestimmungen entstört ist. Das vorschriftsmäßige Betreiben einiger Geräte (z.B. Testsender) kann
jedoch gewissen Beschränkungen unterliegen. Lesen Sie dazu bitte die Anmerkungen in der Betriebsanleitung.
Das Bundesamt für Zulassungen in der Telekommunikation wurde davon unterrichtet, daß dieses Gerät auf den Markt
gebracht wurde und es ist berechtigt, die Serie auf die Erfüllung der Vorschriften hin zu überprüfen.
Certificate of the Manufacturer/Importer
It is hereby certified that the DG834 ADSL Modem Router has been suppressed in accordance with the conditions set
out in the BMPT-AmtsblVfg 243/1991 and Vfg 46/1992. The operation of some equipment (for example, test
transmitters) in accordance with the regulations may, however, be subject to certain restrictions. Please refer to the notes
in the operating instructions.
Federal Office for Telecommunications Approvals has been notified of the placing of this equipment on the market
and has been granted the right to test the series for compliance with the regulations.
iv
v1.1, October 2006
Voluntary Contr ol Council for Interference (VCCI) Statement
This equipment is in the second category (information equipment to be used in a residential area or an adjacent area
thereto) and conforms to the standards set by the Voluntary Control Council for Interference by Data Processing
Equipment and Electronic Office Machines aimed at preventing radio interference in such residential areas.
When used near a radio or TV receiver , it may become the cause of radio interference.
Read instructions for correct handling.
WProduct and Publication Details
Model Number: DG834 v3
Publication Date: October 2006
Product Family: Modem Router
Product Name: DG834 ADSL Modem Router
Home or Business Product: Home
Language: English
Publication Part Number: 202-10153-01
Change History
Version Date Published Change Description
1.0 January 2006 Original publication
1.1 October 2006 Removed NETBIOS feature.
v1.1, October 2006
v
vi
v1.1, October 2006
Contents
Reference Manual for the ADSL Modem Router DG834 v3
Chapter 1
About This Manual
Audience, Scope, Conventions, and Formats ................................................................1-1
How to Print this Manual .................................................................................................1-2
Chapter 2
Introduction
About the Modem Router ...............................................................................................2-1
Key Features ..................................................................................................................2-2
A Powerful, True Firewall .........................................................................................2-2
Easy Installation and Management ..........................................................................2-3
Protocol Support ......................................................................................................2-3
Virtual Private Networking (VPN) .............................................................................2-5
Auto Sensing and Auto Uplink™ LAN Ethernet Connections ..................................2-5
Content Filtering .......................................................................................................2-5
Trend Micro Home Network Security .......................................................................2-5
What’s in the Box? ..........................................................................................................2-6
The Modem Router’s Front Panel ............................................................................2-7
The Router’s Rear Panel .........................................................................................2-8
Connecting the Router to the Internet ............................................................................2-9
Chapter 3
Protecting Your Network
Protecting Access to Your DG834 ADSL Modem Router ...............................................3-1
How to Change the Built-In Password .....................................................................3-1
Changing the Administrator Login Timeout ..............................................................3-2
Configuring Basic Firewall Services ...............................................................................3-3
Blocking Keywords, Sites, and Services ..................................................................3-3
How to Block Keywords and Sites ...........................................................................3-3
v1.1, October 2006
vii
Firewall Rules .................................................................................................................3-5
Inbound Rules (Port Forwarding) .............................................................................3-6
Outbound Rules (Service Blocking) .........................................................................3-9
Order of Precedence for Rules .............................................................................. 3-11
Services ........................................................................................................................3-12
How to Define Services ..........................................................................................3-12
Setting Times and Scheduling Firewall Services ..........................................................3-13
How to Set Your Time Zone ...................................................................................3-13
How to Schedule Firewall Services ........................................................................3-15
Trend Micro Home Network Security ............................................................................3-15
Security Service Settings .......................................................................................3-16
Parental Controls Settings .....................................................................................3-18
Chapter 4
Managing Your Network
Backing Up, Restoring, or Erasing Your Settings ...........................................................4-1
How to Back Up the Configuration to a File .............................................................4-1
How to Restore the Configuration from a File ..........................................................4-2
How to Erase the Configuration ...............................................................................4-2
Upgrading the Modem Router’s Firmware ......................................................................4-2
How to Upgrade the Modem Router Firmware ........................................................4-3
Network Management Information .................................................................................4-4
Viewing Modem Router Status and Usage Statistics ...............................................4-4
Viewing Attached Devices ........................................................................................4-8
Viewing, Selecting, and Saving Logged Information ................................................4-8
Examples of Log Messages ................................................................................... 4-11
Enabling Security Event E-mail Notification .................................................................4-12
Running Diagnostic Utilities and Rebooting the Modem Router ...................................4-13
Enabling Remote Management ....................................................................................4-14
Configuring Remote Management .........................................................................4-15
Chapter 5
Advanced Configuration
Configuring Advanced Security ......................................................................................5-1
Setting Up A Default DMZ Server ............................................................................5-2
Connect Automatically, as Required ........................................................................5-3
Disable Port Scan and DOS Protection ...................................................................5-3
viii
v1.1, October 2006
Respond to Ping on Internet WAN Port ...................................................................5-4
MTU Size .................................................................................................................5-4
Configuring LAN IP Settings ...........................................................................................5-4
DHCP .......................................................................................................................5-6
How to Configure LAN TCP/IP Settings ...................................................................5-8
Configuring Dynamic DNS .......................................................................................5-8
How to Configure Dynamic DNS ..............................................................................5-9
Using Static Routes ......................................................................................................5-10
Static Route Example .............................................................................................5-10
How to Configure Static Routes ............................................................................. 5-11
Universal Plug and Play (UPnP) ...................................................................................5-13
Chapter 6
Virtual Private Networking (Advanced Feature)
Overview of VPN Configuration ......................................................................................6-1
Client-to-Gateway VPN Tunnels ..............................................................................6-2
Gateway-to-Gateway VPN Tunnels .........................................................................6-2
Planning a VPN ..............................................................................................................6-3
VPN Tunnel Configuration ..............................................................................................6-5
How to Set Up a Client-to-Gateway VPN Configuration .................................................6-6
Step 1: Configuring the Client-to-Gateway VPN Tunnel on the DG834 v3 ..............6-6
Step 2: Configuring the NETGEAR ProSafe VPN Client on the Remote PC .........6-11
How to Set Up a Gateway-to-Gateway VPN Configuration ..........................................6-20
VPN Tunnel Control ......................................................................................................6-27
Activating a VPN Tunnel ........................................................................................6-27
Verifying the Status of a VPN Tunnel .....................................................................6-30
Deactivating a VPN Tunnel ....................................................................................6-32
Deleting a VPN Tunnel ...........................................................................................6-34
How to Set Up VPN Tunnels in Special Circumstances ...............................................6-36
Using Auto Policy to Configure VPN Tunnels ........................................................6-36
Using Manual Policy to Configure VPN Tunnels ....................................................6-46
Chapter 7
Troubleshooting
Basic Functioning ...........................................................................................................7-1
Power LED Not On ...................................................................................................7-2
Test LED Never Turns On or Test LED Stays On .....................................................7-2
v1.1, October 2006
ix
LAN or Internet Port LEDs Not On ...........................................................................7-2
Troubleshooting the Web Configuration Interface ..........................................................7-3
Troubleshooting the ISP Connection ..............................................................................7-4
ADSL link .................................................................................................................7-4
Obtaining a WAN IP Address ...................................................................................7-5
Troubleshooting PPPoE or PPPoA ..........................................................................7-6
Troubleshooting Internet Browsing ..........................................................................7-7
Troubleshooting a TCP/IP Network Using the Ping Utility ..............................................7-7
Testing the LAN Path to Your Router .......................................................................7-7
Testing the Path from Your Computer to a Remote Device .....................................7-8
Restoring the Default Configuration and Password ........................................................7-9
Using the Reset button .............................................................................................7-9
Problems with Date and Time .......................................................................................7-10
Appendix A
Technical Specifications
Appendix B
NETGEAR VPN Configuration
DG834 v3 to FVL328 ..................................................................................................... B-1
Configuration Profile ................................................................................................ B-1
Step-By-Step Configuration ..................................................................................... B-2
DG834 v3 with FQDN to FVL328 .................................................................................. B-6
Configuration Profile ................................................................................................ B-6
Step-By-Step Configuration ..................................................................................... B-8
Configuration Summary (Telecommuter Example) ...................................................... B-14
Setting Up the Client-to-Gateway VPN Configuration (Telecommuter Example) ........ B-15
Step 1: Configuring the Client-to-Gateway VPN Tunnel on the VPN Router at the
Employer’s Main Office ......................................................................................... B-15
Step 2: Configuring the NETGEAR ProSafe VPN Client on the Remote PC at the
Telecommuter’s Home Office ................................................................................ B-17
Monitoring the VPN Tunnel (Telecommuter Example) ................................................. B-27
Viewing the PC Client’s Connection Monitor and Log Viewer ............................... B-27
Viewing the VPN Router’s VPN Status and Log Information ................................ B-28
Appendix C
Related Documents
x
v1.1, October 2006
Chapter 1
About This Manual
This chapter describes the intended audience, scope, conventions, and formats of this manual.
Audience, Scope, Conventions, and Formats
This reference manual assumes that the reader has basic to intermediate computer and Internet
skills. However, basic computer network, Internet, firewall, and VPN technologies tutorial
information is provided in the Appendices and on the Netgear website.
This guide uses the following typographical conventions:
Table 1-1. Typographical Conventions
italics Emphasis, books, CDs, URL names
bold User input
fixed Screen text, file and server names, extensions, commands, IP addresses
This guide uses the following formats to highlight special messages:
This manual is written for the DG834 ADSL Modem Router according to these specifications:
Note: This format is used to highlight information of importance or special interest.
Table 1-2. Manual Scope
Product Version DG834 ADSL Modem Router
Manual Publication Date October 2006
Note: Product updates are available on the NETGEAR, Inc. Web site at
http://kbserver.netgear.com.
About This Manual 1-1
v1.1, October 2006
Reference Manual for the ADSL Modem Router DG83 4 v3
How to Print this Manual
To print this manual you can choose one of the following several options, according to your needs.
• Printing a Page in the HTML View.
Each page in the HTML version of the manual is dedicated to a major topic. Use the Print
button on the browser toolbar to print the page contents.
• Printing a Chapter.
Use the PDF of This Chapter link at the top left of any page.
Note: Your computer must have the free Adobe Acrobat reader installed in order to
view and print PDF files. The Acrobat reader is available on the Adobe Web
site at http://www.adobe.com.
– Click the PDF of This Chapter link at the top right of any page in the chapter you want to
print. The PDF version of the chapter you were viewing opens in a browser window.
– Click the print icon in the upper left of the window.
Tip: If your printer supports printing two pages o n a sin gle sheet of paper, you
can save paper and printer ink by selecting this feature.
• Printing the Full Manual.
Use the Complete PDF Manua l link at the top left of any page.
– Click the Complete PDF Manual link at the top left of any page in the manual. The PDF
version of the complete manual opens in a browser window.
– Click the print icon in the upper left of the window.
Tip: If your printer supports printing two pages o n a sin gle sheet of paper, you
can save paper and printer ink by selecting this feature.
1-2 About This Manual
v1.1, October 2006
Chapter 2
Introduction
This chapter describes the features of the NETGEAR DG834 ADSL Modem Router. The DG834
ADSL Modem Router is a combination of a built-in ADSL modem, modem router, 4-port switch,
and firewall which enables your entire network to safely share an Internet connection that
otherwise would be used by a single computer.
Note: If you are unfamiliar with networking and routing, refer to “Internet Networking
and TCP/IP Addressing:” in Appendix C to become more familiar with the terms
and procedures used in this manual.
About the Modem Router
The DG834 ADSL Modem Router provides continuous, high-speed 10/100 Ethernet access
between your Ethernet devices. With minimum setup, you can install and use the modem router
within minutes.
The DG834 ADSL Modem Router provides multiple Web content filtering options, plus e-mail
alerts and logging. Parents and network administrators can establish restricted access policies
based on time of day, Web site addresses, and address keywords. They ca n also share high-speed
ADSL Internet access for up to 253 personal computers. The included firewall and Network
Address Translation (NAT) features protect you from hackers.
The DG834 v3 also supports Trend Micro Home Network Security, a bundle of services that
includes router-based Parental Controls and network-wide protection from viruses, Trojans,
spyware, spam, and other Internet threats.
Introduction 2-1
v1.1, October 2006
Reference Manual for the ADSL Modem Router DG83 4 v3
Key Features
The DG834 ADSL Modem Router provides the following features:
• A built-in ADSL modem
• A powerful, true firewall
• Easy, Web-based setup for installation and management
• Extensive Internet protocol support
• Trustworthy VPN Communications over the Internet
• VPN Wizard for easy VPN configuration
• Auto Sensing and Auto Uplink™ LAN Ethernet connections
• Content filtering
• Support for Trend Micro Home Network Security
These features are discussed below.
A Powerful, True Firewall
Unlike simple Internet sharing NAT routers, the DG834 v3 is a true firewall, using stateful packet
inspection to defend against hacker attacks. Its firewall features include:
• Denial of Service (DoS) protection
Automatically detects and thwarts Denial of Service (DoS) attacks such as Ping of Death,
SYN Flood, LAND Attack and IP Spoofing.
• Blocks unwanted traffic from the Internet to your LAN.
• Blocks access from your LAN to Internet locations or services that you specify as off-limits.
• Logs security incidents
The DG834 v3 will log security events such as blocked incoming traffic, port scans, attacks,
and administrator logins. You can configure the modem router to email the log to you at
specified intervals. Y ou can also configure the modem router to send immediate alert messages
to your email address or email pager whenever a significant event occurs.
2-2 Introduction
v1.1, October 2006
Reference Manual for the ADSL Modem Router DG834 v3
Easy Installation and Management
You can install, configure, and operate the DG834 v3 within minutes after connecting it to the
network. The following features simplify installation and management tasks:
• Browser-based management
Browser-based configuration allows you to easily configure your modem router from almost
any type of personal computer, such as Windows, Macintosh, or Linux. A user-friendly Setup
Wizard is provided and online help documentation is built into the browser-based Web
Management Interface.
• Smart Wizard
A wizard built into the modem router automatically senses the type of Internet connection,
asking you only for the information required for your type of ISP account.
• Remote management
The modem router allows you to log in to the Web management interface from a remote
location via the Internet. For security, you can limit remote management access to a specified
remote IP address or range of addresses, or you can choose a nonstandard port number.
• Diagnostic functions
The modem router incorporates built-in diagnostic functions such as Ping, DNS lookup, and
remote reboot. These functions allow you to test Internet connectivity and reboot the modem
router. You can use these diagnostic functions directly from th e DG834 v3 when you are
connected on the LAN or when you are connected over the Internet via the remote
management function.
• Visual monitoring
The modem router’s front panel LEDs provide an easy way to monitor its status and activity.
• Flash erasable programmable read-only memory (EPROM) for firmware upgrades.
Protocol Support
The DG834 v3 supports Transmission Control Protocol/Internet Protocol (TCP/IP) and Routing
Information Protocol (RIP). “Internet Networking and TCP/IP Addressing:” in Appendix C
provides further information on TCP/IP.
• The Ability to Enable or Disable IP Address Sharing by NAT
The DG834 v3 allows several networked PCs to share an Internet account using only a single
IP address, which may be statically or dynamically assigned by your Internet service provider
(ISP). This technique, known as Network Address Translation (NAT), allows the use of an
inexpensive single-user ISP account. This feature can also be turned off comp let ely while
using the DG834 v3 if you want to manage the IP address scheme yourself.
Introduction 2-3
v1.1, October 2006
Reference Manual for the ADSL Modem Router DG83 4 v3
• Automatic Configuration of Attached PCs by DHCP
The DG834 v3 dynamically assigns network configuration information, including IP, modem
router, and domain name server (DNS) addresses, to attached PCs on the LAN using the
Dynamic Host Configuration Protocol (DHCP). This feature greatly simplifies configuration
of PCs on your local network.
• DNS Proxy
When DHCP is enabled and no DNS addresses are specified, the modem router provides its
own address as a DNS server to the attached PCs. The modem router obtains actual DNS
addresses from the ISP during connection setup and forwards DNS requests from the LAN.
• Classical IP (RFC 1577)
Some Internet service providers, in Europe for example, use Classical IP in their ADSL
services. In such cases, the modem router is able to use the Classical IP address from the ISP.
• PPP over Ethernet (PPPoE)
PPP over Ethernet is a protocol for connecting remote hosts to the Internet over an ADSL
connection by simulating a dial-up connection. This feature eliminates the need to run a login
program such as EnterNet or WinPOET on your computer.
• PPP over ATM (PPPoA)
PPP over ATM is a protocol for connecting remote hosts to the Internet over an ADSL
connection by simulating an ATM connection.
• Dynamic DNS
Dynamic DNS services allow remote users to find your network using a domain name when
your IP address is not permanently assigned. The modem router contains a client that can
connect to many popular Dynamic DNS services to register your dynamic IP address.
• Universal Plug and Play (UPnP)
UPnP is a networking architecture that provides compatibility between networking
technologies. UPnP compliant routers provide broadband users at home and small businesses
with a seamless way to participate in online games, videoconferencing and other peer-to-peer
services.
2-4 Introduction
v1.1, October 2006
Reference Manual for the ADSL Modem Router DG834 v3
Virtual Private Networking (VPN)
The DG834 ADSL Modem Router provides a secure encrypted connection between your local
area network (LAN) and remote networks or clients. It includes the following VPN features:
• Supports 5 VPN connections.
• Supports industry standard VPN protocols
The DG834 ADSL Modem Router supports standard Manual or IKE keying methods,
standard MD5 and SHA-1 authentication methods, and standard DES and 3DES encryption
methods. It is compatible with many other VPN products.
• Supports 3DES encryption for maximum security.
• VPN Wizard based on VPNC recommended settings.
Auto Sensing and Auto Uplink™ LAN Ethernet Connections
With its internal 4-port 10/100 switch, the DG834 v3 can connect to either a 10 Mbps standard
Ethernet network or a 100 Mbps Fast Ethernet network. The local LAN ports are autosensing and
capable of full-duplex or half-duplex operation.
The modem router incorporates Auto Uplink
automatically sense whether the Ethernet cable plugged into the port should have a ‘normal’
connection such as to a computer or an ‘uplink’ connection such as to a switch or hub. That port
will then configure itself to the correct configuration. This feature also eliminates the need to
worry about crossover cables, as Auto Uplink will accommodate either type of cable to make the
right connection.
TM
technology. Each local Ethernet port will
Content Filtering
With its content filtering feature, the DG834 v3 prevents objectionable content from reaching your
PCs. The modem router allows you to control access to Internet content by screening for keywords
within Web addresses. You can co nfig ure the mo dem router to log and report attempts to access
objectionable Internet sites.
Trend Micro Home Network Security
This service bundle from Trend Micro has three components:
• Trend Micro dashboard
This component is free for unlimited use. From the dashboard you can:
— Scan your computer and entire network for security vulnerabilities
— View individual computer and network-wide security reports
Introduction 2-5
v1.1, October 2006
Reference Manual for the ADSL Modem Router DG83 4 v3
— Detect and remove spyware
— View attempts to access content restricted by Parental Controls
— Purchase subscriptions for Parental Controls and Trend Micro Internet Security
• Trend Micro Internet Security
You can install this program on up to 10 computers and try it free for 60 days. Its features
include:
— Real-time and scheduled scanning to remove viruses, Trojans, spyware, and other Internet
threats
— Personal firewall
— Network intruder detection
—Anti-spam
• Router-based Parental Controls
This service restricts home network users from viewing inappropriate Web content. It is free
for 60 days, and when you register your free trial of Trend Micro Internet Security, your free
use of Parental Controls is automatically extended to one year.
For instructions on activating these services, refer to “Trend Micro Home Network Security” on
page 3-15.
What’s in the Box?
The product package should contain the following items:
• DG834 ADSL Modem Router
• AC power adapter (varies by region)
• Category 5 (Cat 5) Ethernet cable
• Telephone cable with RJ-11 connector
• Microfilters (quantity and type vary by region)
• ADSL Modem Router Resource CD, including this guide
• A Printed Quick Installation Guide
• Warranty and Support Information Cards
• Two plastic feet that can be used to stand the DG834 ADSL Modem Router on end.
If any of the parts are incorrect, missing, or damaged, contact your NETGEAR dealer. Keep the
carton, including the original packing materials, in case you need to return the product for repair.
2-6 Introduction
v1.1, October 2006
Reference Manual for the ADSL Modem Router DG834 v3
The Modem Router’s Front Panel
The DG834 ADSL Modem Router front panel shown below contains status LEDs.
1
2
34
Figure 2-1
You can use the LEDs to verify various conditions. Table 2-1 lists and describes each LED on the
front panel of the modem router. These LEDs are green when lit.
Table 2-1. LED Descriptions
Label Activity Description
1. Power
2. Test
3. Internet
4. LAN
On
Off
On
Off
Blink — Amber
On — Green
Blink — Green
On (Green)
Blink (Green)
On (Amber)
Blink (Amber)
Off
Power is supplied to the modem router.
Power is not supplied to the modem router.
The system is initializing.
The system is ready and running.
Indicates ADSL training.
The Internet port has detected a link with an attached device.
Data is being transmitted or received by the Internet port.
The Local port has detected a link with a 100 Mbps device.
Data is being transmitted or received at 100 Mbps.
The Local port has detected a link with a 10 Mbps device.
Data is being transmitted or received at 10 Mbps.
No link is detected on this port.
Introduction 2-7
v1.1, October 2006
Reference Manual for the ADSL Modem Router DG83 4 v3
The Router’s Rear Panel
The rear panel of the DG834 ADSL Modem Router (Figure 2-2) contains port connections.
2
4
1
Figure 2-2
3
Viewed from left to right, the rear panel contains the following elements:
1. RJ-11 ADSL port for connecting the firewall to an ADSL line
2. Four Local Ethernet RJ-45 LAN ports for connecting the firewall to the local computers
3. Factory Default Reset push button
4. AC power adapter outlet
2-8 Introduction
v1.1, October 2006
Reference Manual for the ADSL Modem Router DG834 v3
Connecting the Router to the Internet
To connect your DG834 ADSL Modem Router to the Internet, refer to the ADSL Modem Router
Setup Manual on the ADSL Modem Router Resource CD or online as shown in the following table.
Table 2-1.
Language URL
Dutch
English
French
German
Italian
Spanish
Swedish
http://documentation.netgear.com/dg834/nld/208-10032-01/
http://documentation.netgear.com/dg834/enu/208-10026-01/
http://documentation.netgear.com/dg834/fra/208-10027-01/
http://documentation.netgear.com/dg834/deu/208-10028-01/
http://documentation.netgear.com/dg834/ita/208-10029-01/
http://documentation.netgear.com/dg834/esp/208-10030-01/
http://documentation.netgear.com/dg834/sve/208-10031-01/
Introduction 2-9
v1.1, October 2006
Reference Manual for the ADSL Modem Router DG83 4 v3
2-10 Introduction
v1.1, October 2006
Chapter 3
Protecting Your Network
This chapter describes how to use the basic firewall features of the DG834 ADSL Modem Router
to protect your network. It also describes how to configure Trend Micro Home Network Security.
Protecting Access to Your DG834 ADSL Modem Router
For security reasons, the modem router has its own user name and password. Also, after a period
of inactivity for a set length of time, the administrator login will automatically disconnect. When
prompted, enter admin for the modem router User Name and password for the modem router
Password. You can use procedures below to change the modem router's password and the amount
of time for the administrator’s login timeout.
Note: The user name and password are not the same as any user name or password your
may use to log in to your Internet connection.
NETGEAR recommends that you change this password to a more secure password. The ideal
password should contain no dictionary words from any language, and should be a mixture of both
upper and lower case letters, numbers, and symbols. Your password can be up to 30 characters.
How to Change the Built-In Password
1. Log in to the modem router at its default LAN address of http://192.168.0.1 with its default
User Name of admin, default password of password, or using whatever Password and LAN
address you have chosen for the modem router.
Figure 3-1
Protecting Your Network 3-1
v1.1, October 2006
Reference Manual for the ADSL Modem Router DG83 4 v3
2. From the Main Menu of the browser interface, under the Maintenance heading, select Set
Password to bring up the menu shown in Figure 3-2.
Figure 3-2
3. To change the password, first enter the old password, and then enter the new password twice.
4. Click Apply to save your changes.
Note: After changing the password, you will be required to log in again to continue
the configuration. If you have backed up the modem router settings previously,
you should do a new backup so that the saved settings file includes the new
password.
Changing the Administrator Login Timeout
For security , the administrator's login to the modem router configuration will timeout after a period
of inactivity. To change the login timeout period:
1. In the Set Password menu, type a number in ‘Administrator login times out’ field. The
suggested default value is 5 minutes.
2. Click Apply to save your changes or click Cancel to keep the current period.
3-2 Protecting Your Network
v1.1, October 2006
Reference Manual for the ADSL Modem Router DG834 v3
Configuring Basic Firewall Services
Basic firewall services you can configure include access blocking and scheduling of firewall
security. These topics are presented below.
Blocking Keywords, Sites, and Services
The modem router provides a variety of options for blocking Internet based content and
communications services. With its content filtering feature, the DG834 ADSL Modem Router
prevents objectionable content from reaching your PCs. The modem router allows you to control
access to Internet content by screening for keywords within Web addresses. Key content filtering
options include:
• Keyword blocking of HTTP traffic.
• Outbound Service Blocking limits access from your LAN to Internet locations or services that
you specify as off-limits.
• Denial of Service (DoS) protection. Automatically detects and thwarts Denial of Service
(DoS) attacks such as Ping of Death, SYN Flood, LAND Attack and IP Spoofing.
• Blocking unwanted traffic from the Internet to your LAN.
The section below explains how to configure your
modem router to perform these functions.
How to Block Keywords and Sites
The DG834 ADSL Modem Router allows you to restrict access to Internet content based on
functions such as Web addresses and Web address keywords.
1. Log in to the modem router at its default LAN address of http://192.168.0.1 with its default
User Name of admin, default password of password, or using whatever Password and LAN
address you have chosen for the modem router.
Protecting Your Network 3-3
v1.1, October 2006
Reference Manual for the ADSL Modem Router DG83 4 v3
2. Select the Block Sites link of the Security menu.
Figure 3-3
3. To enable keyword blocking, select one of the following:
• Per Schedule—to turn on keyword blocking according to the settings on the Schedule
page.
• Always—to turn on keyword blocking all of the time, independent of the Schedule page.
4. Enter a keyword or domain in the Keyword box, click Add Keyword, then click Apply.
Some examples of Keyword application follow:
• If the keyword “XXX” is specified, the URL <http://www.badstuff.com/xxx.html> is
blocked.
• If the keyword “.com” is specified, only Web sites with other domain suffixes (such as
.edu or .gov) can be viewed.
• Enter the keyword “.” to block all Internet browsing access.
Up to 32 entries are supported in the Keyword list.
5. T o delete a keyword or domain, select it from the list, click Delete Keyword, then click Apply.
6. To specify a trusted user, enter that computer’s IP address in the Trusted IP Address box and
click Apply.
3-4 Protecting Your Network
v1.1, October 2006
Reference Manual for the ADSL Modem Router DG834 v3
You can specify one trusted user, which is a computer that will be exempt from blocking and
logging. Since the trusted user will be identified by an IP address, you should configure that
computer with a fixed IP address.
7. Click Apply to save your settings.
Note: The Block Sites feature is disabled when the Trend Micr o Home Security featu re is
enabled. This is because the Trend security system has incorporates its own siteblocking capability.
Firewall Rules
Firewall rules are used to block or allow specific traffic passing through from one side of the router
to the other. Inbound rules (WAN to LAN) restrict access by outsiders to private resources,
selectively allowing only specific outside users to access specific resources. Outbound rules (LAN
to WAN) determine what outside resources local users can have access to.
A firewall has two default rules, one for inbound traffic and one for outbound. The default rules of
the DG834 v3 are:
• Inbound: Block all access from outside except responses to requests from the LAN side.
• Outbound: Allow all access from the LAN side to the outside.
You can define additional rules that will specify exceptions to the default rules. By adding custom
rules, you can block or allow access based on the service or application, source or destinat ion IP
addresses, and time of day. You can also choose to log traffic that matches or does not match the
rule you have defined.
You can change the order of precedence of rules so that the rule that applies most often will take
effect first. See “Order of Precedence for Rules” on page 3-11 for more details.
Protecting Your Network 3-5
v1.1, October 2006
Reference Manual for the ADSL Modem Router DG83 4 v3
T o access the rules configuration of the DG834 v3, click the Firewall Rules link on the main menu,
then click Add for either an Outbound or Inbound Service.
Figure 3-4
• To edit an existing rule, select its button on the left side of the table and click Edit.
• To delete an existing rule, select its button on the left side of the table and click Delete.
• To move an existing rule to a different position in the table, select its button on the left side of
the table and click Move. At the script prompt, enter the number of the desired new position
and click OK.
Inbound Rules (Port Forwarding)
Because the DG834 v3 uses Network Address Translation (NAT), your network presents only one
IP address to the Internet, and outside users cannot directly address any of your local computers.
However, by defining an inbound rule you can make a local server (for example, a Web server or
game server) visible and available to the Internet. The rule tells the modem router to direct
inbound traffic for a particular service to one local server based on the destination port number.
This is also known as port forwarding.
Note: Some residential broadband ISP accounts do not allow you to run any server
processes (such as a Web or FTP server) from your location. Your ISP may
periodically check for servers and may suspend your account if it discovers any
active services at your location. If you are unsure, refer to the Acceptable Use
Policy of your ISP.
3-6 Protecting Your Network
v1.1, October 2006
Reference Manual for the ADSL Modem Router DG834 v3
Remember that allowing inbound services opens holes in your firewall. Only enable those ports
that are necessary for your network. Following are two application examples of inbound rules:
Inbound Rule Example: A Local Public Web Server
If you host a public W eb ser ver on your local network, you can define a rule to allow inbound Web
(HTTP) requests from any outside IP address to the IP address of your Web server at any time of
day. This rule is shown in Figure 3-5:
Figure 3-5
The parameters are:
•Service
From this list, select the application or service to be allowed or blocked. The list already
displays many common services, but you are not limited to these choices. Use the Services
menu to add any additional services or applications that do not already appear.
• Action
Choose how you want this type of traffic to be handled. You can block or allow always, or you
can choose to block or allow according to the schedule you have defined in the Schedule
menu.
• Send to LAN Server
Enter the IP address of the computer or server on your LAN which will receive the inbound
traffic covered by this rule.
• WAN Users
These settings determine which packets are covered by the rule, based on their source (WAN)
IP address. Select the desired option:
Protecting Your Network 3-7
v1.1, October 2006
Reference Manual for the ADSL Modem Router DG83 4 v3
– Any — all IP addresses are covered by this rule.
– Address range — if this option is selected, you must enter the Start and Finish fields.
– Single address — enter the required address in the Start field.
•Log
You can select whether the traffic will be logged. The choices are:
– Never — no log entries will be made for this service.
– Always — any traffic for this service type will be logged.
– Match — traffic of this type which matches the parameters and action will be logged.
– Not match — traffic of this type which does not match the parameters and action will be
logged.
Inbound Rule Example: Allowing Videoconferencing
If you want to allow incoming videoconferencing to be initiated from a restricted range of outside
IP addresses, such as from a branch office, you can create an inbound rule. In the example shown
in Figure 3-6, CU-SeeMe connections are allowed only from a specified range of external IP
addresses. In this case, we have also specified logging of any incoming CU-SeeMe requests that
do not match the allowed parameters.
Figure 3-6
3-8 Protecting Your Network
v1.1, October 2006
Loading...