Reference Manual for the Model DG834 ADSL Firewall Router NETGEAR, Inc.
© 2004 by NETGEAR, Inc. All rights reserved. May, 2004. Trademarks NETGEAR is a trademark of Netgear, Inc. Microsoft, Windows, and Windows NT are registered trademarks of Microsoft Corporation. Other brand and product names are registered trademarks or trademarks of their respective holders. Statement of Conditions In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice.
Bestätigung des Herstellers/Importeurs Es wird hiermit bestätigt, daß das DG834 ADSL Firewall Router gemäß der im BMPT-AmtsblVfg 243/1991 und Vfg 46/1992 aufgeführten Bestimmungen entstört ist. Das vorschriftsmäßige Betreiben einiger Geräte (z.B. Testsender) kann jedoch gewissen Beschränkungen unterliegen. Lesen Sie dazu bitte die Anmerkungen in der Betriebsanleitung.
iv
Contents Chapter 1 About This Guide Audience, Conventions, Scope ......................................................................................1-1 How to Use this Manual ..................................................................................................1-2 How to Print this Manual .................................................................................................1-3 Chapter 2 Introduction About the Router .................................................................
Connecting the DG834 to Your LAN ...............................................................................3-5 How to Connect the Router ......................................................................................3-5 Auto-Detecting Your Internet Connection Type ..............................................................3-9 Wizard-Detected PPPoE Login Account Setup ...................................................... 3-11 Wizard-Detected PPPoA Login Account Setup .........................
How to Schedule Firewall Services ........................................................................4-15 Chapter 5 Managing Your Network Backing Up, Restoring, or Erasing Your Settings ...........................................................5-1 How to Back Up the Configuration to a File .............................................................5-1 How to Restore the Configuration from a File ..........................................................5-2 How to Erase the Configuration ............
How to Configure LAN TCP/IP Settings ...................................................................6-7 Configuring Dynamic DNS .......................................................................................6-7 How to Configure Dynamic DNS ..............................................................................6-8 Using Static Routes ........................................................................................................6-9 Static Route Example .............................
Netmask .................................................................................................................. B-4 Subnet Addressing .................................................................................................. B-4 Private IP Addresses ............................................................................................... B-7 Single IP Address Operation Using NAT .................................................................
Verifying the Readiness of Your Internet Account ....................................................... C-18 Are Login Protocols Used? ................................................................................... C-18 What Is Your Configuration Information? .............................................................. C-18 Obtaining ISP Configuration Information for Windows Computers ....................... C-19 Obtaining ISP Configuration Information for Macintosh Computers .....................
Chapter 1 About This Guide Thank you for purchasing the NETGEAR™ DG834 ADSL Firewall Router. Audience, Conventions, Scope This reference manual assumes that the reader has basic-to-intermediate computer and Internet skills. However, basic computer network, Internet, firewall, and networking technology tutorial information is provided in the Appendices. This guide uses the following typographical conventions: Table 1.
Reference Manual for the Model DG834 ADSL Firewall Router How to Use this Manual The HTML version of this manual includes these features. 2 1 3 Figure 1 -1: HTML version of this manual 1. Left pane. Use the left pane to view the Contents, Index, Search, and Favorites tabs. To view the HTML version of the manual, you must have a version 4 or later browser with JavaScript enabled. 2. Toolbar buttons. Use the toolbar buttons across the top to navigate, print pages, and more.
Reference Manual for the Model DG834 ADSL Firewall Router How to Print this Manual To print this manual you man choose one of the following several options, according to your needs. • Printing a “How To” Sequence of Steps in the HTML View. Use the Print button on the upper right of the toolbar to print the currently displayed topic.
Reference Manual for the Model DG834 ADSL Firewall Router 1-4 About This Guide
Chapter 2 Introduction This chapter describes the features of the NETGEAR DG834 ADSL Firewall Router. The DG834 ADSL router is a combination of a built-in ADSL modem, router, 4-port switch, and firewall which enables your entire network to safely share an Internet connection that otherwise is used by a single computer. Note: If you are unfamiliar with networking and routing, refer to Appendix B, “Network and Routing Basics” to become more familiar with the terms and procedures used in this manual.
Reference Manual for the Model DG834 ADSL Firewall Router Key Features The DG834 ADSL router provides the following features: • A powerful, true firewall • Content filtering • Auto Sensing and Auto Uplink™ LAN Ethernet connections • Extensive Internet protocol support • Easy, Web-based setup for installation and management • A built-in ADSL modem These features are discussed below.
Reference Manual for the Model DG834 ADSL Firewall Router Auto Sensing and Auto Uplink™ LAN Ethernet Connections With its internal 4-port 10/100 switch, the DG834 can connect to either a 10 Mbps standard Ethernet network or a 100 Mbps Fast Ethernet network. The local LAN ports are autosensing and capable of full-duplex or half-duplex operation. The router incorporates Auto UplinkTM technology.
Reference Manual for the Model DG834 ADSL Firewall Router • PPP over Ethernet (PPPoE) PPP over Ethernet is a protocol for connecting remote hosts to the Internet over an ADSL connection by simulating a dial-up connection. This feature eliminates the need to run a login program such as EnterNet or WinPOET on your computer. • PPP over ATM (PPPoA) PPP over ATM is a protocol for connecting remote hosts to the Internet over an ADSL connection by simulating an ATM connection.
Reference Manual for the Model DG834 ADSL Firewall Router • Diagnostic functions The router incorporates built-in diagnostic functions such as Ping, DNS lookup, and remote reboot. These functions allow you to test Internet connectivity and reboot the router. You can use these diagnostic functions directly from the DG834 when your are connect on the LAN or when you are connected over the Internet via the remote management function.
Reference Manual for the Model DG834 ADSL Firewall Router The Router’s Front Panel The DG834 ADSL Firewall Router front panel shown below contains status LEDs. ADSL Firewall Router DG834 Power Test Internet LAN Figure 2-1: DG834 Front Panel You can use the LEDs to verify various conditions. Table 2-1 lists and describes each LED on the front panel of the router. These LEDs are green when lit. Table 2-1. LED Descriptions Label Activity Description Power On Off Power is supplied to the router.
Reference Manual for the Model DG834 ADSL Firewall Router The Router’s Rear Panel The rear panel of the DG834 ADSL Firewall Router (Figure 2-2) contains port connections.
Reference Manual for the Model DG834 ADSL Firewall Router 2-8 Introduction
Chapter 3 Connecting the Router to the Internet This chapter describes how to set up the router on your Local Area Network (LAN) and connect to the Internet. It describes how to configure your DG834 ADSL Firewall Router for Internet access using the Setup Wizard, or how to manually configure your Internet connection. What You Need Before You Begin You need to prepare the following before you can establish an Internet connection through your router: 1.
Reference Manual for the Model DG834 ADSL Firewall Router Each device such as a telephone, fax machine, answering machine, or caller ID display will require an ADSL microfilter. Note: Do not connect the DG834 to the ADSL line through a microfilter unless the microfilter is a combination microfilter/splitter specifically designed for this purpose. Doing so will prevent the built-in ADSL modem in the DG834 from establishing a connection to the Internet.
Reference Manual for the Model DG834 ADSL Firewall Router Internet Configuration Requirements Depending on how your ISP set up your Internet account, you need one or more of these configuration parameters to connect your router to the Internet: • Virtual Path Identifier (VPI)/Virtual Channel Indentifier (VCI) parameters • Multiplexing Method • Host and Domain Names • ISP Login Name and Password • ISP Domain Name Server (DNS) Addresses • Fixed or Static IP Address Where Do I Get the Internet Con
Reference Manual for the Model DG834 ADSL Firewall Router ISP Multiplexing Method and Virtual Circuit Number: The default settings of your DG834 ADSL Firewall Router will work fine for most ISPs. However, some ISPs use a specific Multiplexing Method or a Virtual Circuit Number for either the Virtual Path Identifier (VPI) or Virtual Channel Identifier (VCI).
Reference Manual for the Model DG834 ADSL Firewall Router Connecting the DG834 to Your LAN This section provides instructions for connecting the DG834 ADSL router. Note: The Resource CD included with your router contains an animated Installation Assistant to help you through this procedure. How to Connect the Router There are four steps to connecting your firewall: 1. Connect the router to your ADSL line. 2. Connect the router to the computers on your network. 3. Log in to the router. 4.
Reference Manual for the Model DG834 ADSL Firewall Router . Phone DSL Line A Figure 3-4: Connecting an ADSL microfilter and phone Note: To use a one-line filter with a separate splitter, insert the splitter into the phone outlet, connect the one-line filter to the splitter, and connect the phone to the filter. 2. CONNECT THE DG834 TO THE INTERNET. Note: Improperly connecting a filter to your DG834 ADSL router will block your ADSL connection. a. Turn off your computer. b.
Reference Manual for the Model DG834 ADSL Firewall Router c. Connect the Ethernet cable (C) from your DG834’s LAN port to the Ethernet adapter in your computer. 3KRQH '6/ /LQH C !$3, &IREWALL 2OUTER $' Figure 3-6: Connecting a computer to the DG834 ADSL router Note: The DG834 ADSL router incorporates Auto UplinkTM technology.
Reference Manual for the Model DG834 ADSL Firewall Router 3. LOG IN TO THE DG834. Note: Your computer needs to be configured for DHCP. For instructions on configuring for DHCP, please see Appendix C, “Preparing Your Network”. a. Connect to the router by typing http://192.168.0.1 in the address field of Internet Explorer or Netscape® Navigator. Figure 3-7: Connect to the router A login window opens as shown below: Figure 3-8: Login window b.
Reference Manual for the Model DG834 ADSL Firewall Router Figure 3-9: Setup Wizard 4. CONNECT TO THE INTERNET The router is now properly attached to your network. You are now ready to configure your router to connect to the Internet. There are two ways you can configure your router to connect to the Internet: a. Let the DG834 auto-detect the type of Internet connection you have and configure it. See “Auto-Detecting Your Internet Connection Type” on page 3-9 for instructions. b.
Reference Manual for the Model DG834 ADSL Firewall Router Note: If instead of the Setup Wizard menu, the main menu of the router’s Configuration Manager as shown in Figure 3-15 appears, click the Setup Wizard link in the upper left to bring up this menu. 2. You must select a country and language. Language choices are English, French, German, and Italian. After you change the language, the remaining setup screens change to the language of your choice. 3.
Reference Manual for the Model DG834 ADSL Firewall Router Wizard-Detected PPPoE Login Account Setup If the Setup Wizard determines that your Internet service account uses a login protocol such as PPP over Ethernet (PPPoE), you will be directed to the PPPoE page shown in Figure 3-10: Figure 3-10: Setup Wizard menu for PPPoE login accounts Enter the PPPoE login user name and password.
Reference Manual for the Model DG834 ADSL Firewall Router Wizard-Detected Dynamic IP Account Setup If the Setup Wizard determines that your Internet service account uses Dynamic IP assignment, you will be directed to the page shown in Figure 3-12 below: Figure 3-12: Setup Wizard menu for Dynamic IP address Click Apply to set Dynamic IP as the connection method.
Reference Manual for the Model DG834 ADSL Firewall Router DNS servers are required to perform the function of translating an Internet name such as www.netgear.com to a numeric IP address. For a fixed IP address configuration, you must obtain DNS server addresses from your ISP and enter them manually here. 3. Click Apply to save the settings. 4. Click the Test button to test your Internet connection. If the NETGEAR Web site does not appear within one minute, refer to Chapter 7, “Troubleshooting”.
Reference Manual for the Model DG834 ADSL Firewall Router 4. Enter the IP address of your ISP’s Primary DNS Server. If a Secondary DNS Server address is available, enter it also. DNS servers are required to perform the function of translating an Internet name such as www.netgear.com to a numeric IP address. For a fixed IP address configuration, you must obtain DNS server addresses from your ISP and enter them manually here. 5. Click Apply to save the settings. 6.
Reference Manual for the Model DG834 ADSL Firewall Router Manually Configuring Your Internet Connection You can manually configure your router using the menu below, or you can allow the Setup Wizard to determine your configuration as described in the previous section.
Reference Manual for the Model DG834 ADSL Firewall Router How to Perform Manual Configuration We recommend that you start the manual configuration from the Setup Wizard: 1. Select your country and language. Language choices are English, French, German, and Italian. After you change the language, the remaining setup screens change to the language of your choice. 2. Select No to manually configure your router connection. 3. Click Next. 4.
Reference Manual for the Model DG834 ADSL Firewall Router 6. 7. • Select “Get Automatically from ISP” if your ISP assigns your IP address. • Select “Use Static IP Address” if your ISP gives you a statically assigned address. The DNS server is used to look up site addresses based on their names. • Select “Get Automatically from ISP” if your ISP uses DHCP to assign your DNS servers. Your ISP will automatically assign this address.
Reference Manual for the Model DG834 ADSL Firewall Router • 7. Select “Get Automatically from ISP” if your ISP uses DHCP to assign your DNS servers. Your ISP will automatically assign this address. Select “Use These DNS Servers” if your ISP gave you one or two DNS addresses. Type the primary and secondary addresses.You should only disable NAT if you are sure you do not require it. NAT automatically assigns private IP addresses (192.168.0.x) to LAN connected devices.
Reference Manual for the Model DG834 ADSL Firewall Router A DNS server is a host on the Internet that translates Internet names (such as www.netgear.com) to numeric IP addresses. Typically your ISP transfers the IP address of one or two DNS servers to your router during login. If the ISP does not transfer an address, you must obtain it from the ISP and enter it manually here. 5. You should only disable NAT if you are sure you do not require it. NAT automatically assigns private IP addresses (192.168.0.
Reference Manual for the Model DG834 ADSL Firewall Router If your ISP provided you with a specific Multiplexing Method or VPI/VCI number, then fill in the following: 1. Select the ADSL Settings link from the main menu. 2. For the Multiplexing Method, select LLC-based or VC-based. 3. Type a number between 0 and 255 for the VPI. The default is 8. 4. Type a number between 1 and 65535 for the VCI. The default is 35. 5. Click Apply.
Chapter 4 Protecting Your Network This chapter describes how to use the basic firewall features of the DG834 ADSL Firewall Router to protect your network. Protecting Access to Your DG834 ADSL Firewall Router For security reasons, the router has its own user name and password. Also, after a period of inactivity for a set length of time, the administrator login will automatically disconnect. When prompted, enter admin for the router User Name and password for the router Password.
Reference Manual for the Model DG834 ADSL Firewall Router 2. From the Main Menu of the browser interface, under the Maintenance heading, select Set Password to bring up the menu shown in Figure 4-2. Figure 4-2: Set Password menu 3. To change the password, first enter the old password, and then enter the new password twice. 4. Click Apply to save your changes. Note: After changing the password, you will be required to log in again to continue the configuration.
Reference Manual for the Model DG834 ADSL Firewall Router Blocking Keywords, Sites, and Services The router provides a variety of options for blocking Internet based content and communications services. With its content filtering feature, the DG834 ADSL router prevents objectionable content from reaching your PCs. The router allows you to control access to Internet content by screening for keywords within Web addresses. Key content filtering options include: • Keyword blocking of HTTP traffic.
Reference Manual for the Model DG834 ADSL Firewall Router 2. Select the Block Sites link of the Security menu. Figure 4-3: Block Sites menu 3. To enable keyword blocking, select one of the following: • Per Schedule to turn on keyword blocking according to the settings on the Schedule page. • Always to turn on keyword blocking all of the time, independent of the Schedule page. Enter a keyword or domain in the Keyword box, click Add Keyword, then click Apply.
Reference Manual for the Model DG834 ADSL Firewall Router 7. Click Apply to save your settings. Firewall Rules Firewall rules are used to block or allow specific traffic passing through from one side to the other. Inbound rules (WAN to LAN) restrict access by outsiders to private resources, selectively allowing only specific outside users to access specific resources. Outbound rules (LAN to WAN) determine what outside resources local users can have access to.
Reference Manual for the Model DG834 ADSL Firewall Router • • • To edit an existing rule, select its button on the left side of the table and click Edit. To delete an existing rule, select its button on the left side of the table and click Delete. To move an existing rule to a different position in the table, select its button on the left side of the table and click Move. At the script prompt, enter the number of the desired new position and click OK.
Reference Manual for the Model DG834 ADSL Firewall Router Inbound Rule Example: A Local Public Web Server If you host a public Web server on your local network, you can define a rule to allow inbound Web (HTTP) requests from any outside IP address to the IP address of your Web server at any time of day. This rule is shown in Figure 4-5: Figure 4-5: Rule example: A Local Public Web Server The parameters are: • Service From this list, select the application or service to be allowed or blocked.
Reference Manual for the Model DG834 ADSL Firewall Router • • WAN Users These settings determine which packets are covered by the rule, based on their source (WAN) IP address. Select the desired option: • Any — all IP addresses are covered by this rule. • Address range — if this option is selected, you must enter the Start and Finish fields. • Single address — enter the required address in the Start fields. Log You can select whether the traffic will be logged.
Reference Manual for the Model DG834 ADSL Firewall Router Considerations for Inbound Rules • If your external IP address is assigned dynamically by your ISP, the IP address may change periodically as the DHCP lease expires. Consider using the Dynamic DNS feature in the Advanced menus so that external users can always find your network. • If the IP address of the local server computer is assigned by DHCP, it may change when the computer is rebooted.
Reference Manual for the Model DG834 ADSL Firewall Router Outbound Rule Example: Blocking Instant Messenger If you want to block Instant Messenger usage by employees during working hours, you can create an outbound rule to block that application from any internal IP address to any external address according to the schedule that you have created in the Schedule menu. You can also have the router log any attempt to use Instant Messenger during that blocked period.
Reference Manual for the Model DG834 ADSL Firewall Router • • • LAN Users These settings determine which packets are covered by the rule, based on their source LAN IP address. Select the desired option: • Any — all IP addresses are covered by this rule. • Address range — if this option is selected, you must enter the Start and Finish fields. • Single address — enter the required address in the Start fields.
Reference Manual for the Model DG834 ADSL Firewall Router Order of Precedence for Rules As you define new rules, they are added to the tables in the Rules menu, as shown in Figure 4-8: Figure 4-8: Rules table with examples For any traffic attempting to pass through the firewall, the packet information is subjected to the rules in the order shown in the Rules Table, beginning at the top and proceeding to the default rules at the bottom.
Reference Manual for the Model DG834 ADSL Firewall Router Although the DG834 already holds a list of many service port numbers, you are not limited to these choices. Use the procedure below to create your own service definitions. How to Define Services 1. Log in to the router at its default LAN address of http://192.168.0.1 with its default User Name of admin, default password of password, or using whatever Password and LAN address you have chosen for the router. 2.
Reference Manual for the Model DG834 ADSL Firewall Router 4. Click Apply to save your changes. Setting Times and Scheduling Firewall Services The DG834 ADSL router uses the Network Time Protocol (NTP) to obtain the current time and date from one of several Network Time Servers on the Internet. How to Set Your Time Zone In order to localize the time for your log entries, you must specify your Time Zone: 1. Log in to the router at its default LAN address of http://192.168.0.
Reference Manual for the Model DG834 ADSL Firewall Router Note: If your region uses Daylight Savings Time, you must manually select Adjust for Daylight Savings Time on the first day of Daylight Savings Time, and clear it at the end. Enabling Daylight Savings Time will cause one hour to be added to the standard time. 4. The router has a list of NETGEAR NTP servers. If you would prefer to use a particular NTP server as the primary server, enter its IP address under Use this NTP Server. 5.
Reference Manual for the Model DG834 ADSL Firewall Router 4-16 Protecting Your Network
Chapter 5 Managing Your Network This chapter describes how to perform network management tasks with your DG834 ADSL Firewall Router. Backing Up, Restoring, or Erasing Your Settings The configuration settings of the DG834 ADSL router are stored in a configuration file in the router. This file can be backed up to your computer, restored, or reverted to factory default settings. The procedures below explain how to do these tasks. How to Back Up the Configuration to a File 1.
Reference Manual for the Model DG834 ADSL Firewall Router 4. Store the .cfg file on a computer on your network. How to Restore the Configuration from a File 1. Log in to the router at its default LAN address of http://192.168.0.1 with its default User Name of admin, default password of password, or using whatever User Name, Password and LAN address you have chosen for the router. 2. From the Maintenance heading of the Main Menu, select the Settings Backup menu as seen in Figure 5-1. 3.
Reference Manual for the Model DG834 ADSL Firewall Router How to Upgrade the Router Firmware Note: NETGEAR recommends that you back up your configuration before doing a firmware upgrade. After the upgrade is complete, you may need to restore your configuration settings. 1. Download and unzip the new software file from NETGEAR. The Web browser used to upload new firmware into the router must support HTTP uploads. NETGEAR recommends using Microsoft Internet Explorer 5.0 or above, or Netscape Navigator 4.
Reference Manual for the Model DG834 ADSL Firewall Router Network Management Information The DG834 provides a variety of status and usage information which is discussed below. Viewing Router Status and Usage Statistics From the Main Menu, under Maintenance, select Router Status to view the screen in Figure 5-3. Figure 5-3: Router Status screen The Router Status menu provides a limited amount of status and usage information.
Reference Manual for the Model DG834 ADSL Firewall Router This screen shows the following parameters: Table 5-1. Menu 3.2 - Router Status Fields Field Description Account Name The Host Name assigned to the router in the Basic Settings menu. Firmware Version This field displays the router firmware version. ADSL Port These parameters apply to the Internet (ADSL) port of the router. MAC Address This field displays the Ethernet MAC address being used by the Internet (ADSL) port of the router.
Reference Manual for the Model DG834 ADSL Firewall Router Click the Show Statistics button to display router usage statistics, as shown in Figure 5-3 below: Figure 5-4: Router Statistics screen This screen shows the following statistics:. Table 5-1. Router Statistics Fields Field Description WAN, LAN, or Serial Port The statistics for the WAN (Internet), LAN (local), and Serial ports. For each port, the screen displays: Status The link status of the port.
Reference Manual for the Model DG834 ADSL Firewall Router Click the Connection Status button to display router connection status, as shown in Figure 5-5 and Figure 5-6. Figure 5-5: Connection Status screen for Dynamic IP Clicking the Renew button updates the status information. This screen shows the following statistics: Table 5-1. Connection Status Fields for Dynamic IP Field Description IP Address The IP Address assigned to the WAN port by the ADSL Internet Service Provider.
Reference Manual for the Model DG834 ADSL Firewall Router An alternate view of the Connection Status screen is shown in Figure 5-6 below: Figure 5-6: Connection Status screen for PPPoA Clicking the Renew button updates the status information. This screen shows the following statistics: Table 5-1. Connection Status Fields for PPPoA Field Description Connection Time The time elapsed since the last connection to the Internet via the ADSL port.
Reference Manual for the Model DG834 ADSL Firewall Router Viewing Attached Devices The Attached Devices menu contains a table of all IP devices that the router has discovered on the local network. From the Main Menu of the browser interface, under the Maintenance heading, select Attached Devices to view the table, shown in Figure 5-7 Figure 5-7: Attached Devices menu For each device, the table shows the IP address, Device Name if available, and the Ethernet MAC address.
Reference Manual for the Model DG834 ADSL Firewall Router An example of the logs file is shown below.
Reference Manual for the Model DG834 ADSL Firewall Router Log entries are described in Table 5-1 below: Table 5-1. Security Log entry descriptions Field Description Date and Time The date and time the log entry was recorded. Description or Action The type of event and what action was taken if any. Source IP The IP address of the initiating device for this log entry.
Reference Manual for the Model DG834 ADSL Firewall Router • Known DoS attacks and Port Scans Saving Log Files on a Server You can choose to write the logs to a computer running a syslog program. To activate this feature, select to Broadcast Lan or enter the IP address of the server where the Syslog file will be written. Examples of Log Messages Following are examples of log messages.
Reference Manual for the Model DG834 ADSL Firewall Router Enabling Security Event E-mail Notification In order to receive logs and alerts by e-mail, you must provide your e-mail information in the E-mail subheading: • Turn e-mail notification on. Select this box if you want to receive e-mail logs and alerts from the router. • Send alerts and logs via email. Enter the name or IP address of your ISP’s outgoing (SMTP) mail server (such as mail.myISP.com).
Reference Manual for the Model DG834 ADSL Firewall Router Running Diagnostic Utilities and Rebooting the Router The DG834 ADSL router has a diagnostics feature. You can use the diagnostics menu to perform the following functions from the router: • Ping an IP Address to test connectivity to see if you can reach a remote host. • Perform a DNS Lookup to test if an Internet name resolves to an IP address to verify that the DNS server configuration is working.
Reference Manual for the Model DG834 ADSL Firewall Router Note: Be sure to change the router's default password to a very secure password. The ideal password should contain no dictionary words from any language, and should be a mixture of letters (both upper and lower case), numbers, and symbols. Your password can be up to 30 characters. Configuring Remote Management 1. Log in to the router at its default LAN address of http://192.168.0.
Reference Manual for the Model DG834 ADSL Firewall Router 5-16 Managing Your Network
Chapter 6 Advanced Configuration This chapter describes how to configure the advanced features of your DG834 ADSL Firewall Router.
Reference Manual for the Model DG834 ADSL Firewall Router Note: For security reasons, you should avoid using the Default DMZ Server feature. When a computer is designated as the Default DMZ Server, it loses much of the protection of the firewall, and is exposed to many exploits from the Internet. If compromised, the computer can be used to attack your network.
Reference Manual for the Model DG834 ADSL Firewall Router Connect Automatically, as Required Normally, this option should be Enabled, so that an Internet connection will be made automatically, whenever Internet-bound traffic is detected. If this causes high connection costs, you can disable this setting. If disabled, you must connect manually, using the sub-screen accessed from the "Connection Status" button on the Status screen. If you have an "Always on" connection, this setting has no effect.
Reference Manual for the Model DG834 ADSL Firewall Router These addresses are part of the Internet Engineering Task Force (IETF)-designated private address range for use in private networks, and should be suitable in most applications. If your network has a requirement to use a different IP addressing scheme, you can make those changes in this menu. Figure 6-2: LAN IP Setup Menu The LAN TCP/IP Setup parameters are: • IP Address This is the LAN IP address of the router.
Reference Manual for the Model DG834 ADSL Firewall Router • RIP Version This controls the format and the broadcasting method of the RIP packets that the router sends. It recognizes both formats when receiving. By default, this is set for RIP-1. — RIP-1 is universally supported. RIP-1 is probably adequate for most networks, unless you have an unusual network setup. — RIP-2 carries more information. Both RIP-2B and RIP-2M send the routing data in RIP-2 format. — RIP-2B uses subnet broadcasting.
Reference Manual for the Model DG834 ADSL Firewall Router • An IP Address from the range you have defined • Subnet Mask • Gateway IP Address is the router’s LAN IP address • Primary DNS Server, if you entered a Primary DNS address in the Basic Settings menu; otherwise, the router’s LAN IP address • Secondary DNS Server, if you entered a Secondary DNS address in the Basic Settings menu Reserved IP addresses When you specify a reserved IP address for a computer on the LAN, that computer will always
Reference Manual for the Model DG834 ADSL Firewall Router 2. From the Main Menu, under Advanced, click the LAN IP Setup link to view the menu, shown in Figure 6-3. Figure 6-3: LAN IP Setup Menu 3. Enter the TCP/IP, DHCP, or Reserved IP parameters. 4. Click Apply to save your changes. Configuring Dynamic DNS If your network has a permanently assigned IP address, you can register a domain name and have that name linked with your IP address by public Domain Name Servers (DNS).
Reference Manual for the Model DG834 ADSL Firewall Router How to Configure Dynamic DNS 1. Log in to the router at its default LAN address of http://192.168.0.1 with its default User Name of admin, default password of password, or using whatever User Name, Password and LAN address you have chosen for the router. 2. From the Main Menu of the browser interface, under Advanced, select Dynamic DNS to display the page below. 3.
Reference Manual for the Model DG834 ADSL Firewall Router Note: If your ISP assigns a private WAN IP address such as 192.168.x.x or 10.x.x.x, the dynamic DNS service will not work because private addresses will not be routed on the Internet. Using Static Routes Static Routes provide additional routing information to your router.
Reference Manual for the Model DG834 ADSL Firewall Router • The Router IP Address fields specifies that all traffic for these addresses should be forwarded to the ISDN router at 192.168.0.100. • A Metric value of 1 will work since the ISDN router is on the LAN. This represents the number of routers between your network and the destination. This is a direct connection so it is set to 1. • Private is selected only as a precautionary security measure in case RIP is activated.
Reference Manual for the Model DG834 ADSL Firewall Router 3. To add or edit a Static Route: a. Click the Edit button to open the Edit Menu, shown in Figure 6-5. Figure 6-5: Static Route Entry and Edit Menu 4. b. Type a route name for this static route in the Route Name box under the table. This is for identification purpose only. c. Select Private if you want to limit access to the LAN only. The static route will not be reported in RIP. d. Select Active to make this route effective. e.
Reference Manual for the Model DG834 ADSL Firewall Router 6-12 Advanced Configuration
Chapter 7 Troubleshooting This chapter gives information about troubleshooting your DG834 ADSL Firewall Router. After each problem description, instructions are provided to help you diagnose and solve the problem. For the common problems listed, go to the section indicated. • Is the router on? • Have I connected the router correctly? Go to “Basic Functioning” on page 7-1. • I can’t access the router’s configuration with my browser. Go to “Troubleshooting the Web Configuration Interface” on page 7-3.
Reference Manual for the Model DG834 ADSL Firewall Router If a port’s LED is lit, a link has been established to the connected device. If a LAN port is connected to a 100 Mbps device, verify that the port’s LED is green. If the port is 10 Mbps, the LED will be amber. If any of these conditions does not occur, refer to the appropriate following section.
Reference Manual for the Model DG834 ADSL Firewall Router • Make sure that power is turned on to the connected hub or workstation. • Be sure you are using the correct cable: — When connecting the router’s WAN ADSL port, use the cable that was supplied with the DG834.
Reference Manual for the Model DG834 ADSL Firewall Router • Click the Refresh or Reload button in the Web browser. The changes may have occurred, but the Web browser may be caching the old configuration. Troubleshooting the ISP Connection If your router is unable to access the Internet, you should check the ADSL connection, then the WAN TCP/IP connection. ADSL link If your router is unable to access the Internet, you should first determine whether you have an ADSL link with the service provider.
Reference Manual for the Model DG834 ADSL Firewall Router If disconnecting telephones does not result in a green WAN LED the problem may be one of the following: • Check that the telephone company has made the connection to your line and tested it. • Verify that you are connected to the correct telephone line. If you have more than one phone line, be sure that you are connected to the line with the ADSL service.
Reference Manual for the Model DG834 ADSL Firewall Router • Your ISP only allows one Ethernet MAC address to connect to Internet, and may check for your computer’s MAC address. In this case: Inform your ISP that you have bought a new network device, and ask them to use the router’s MAC address. OR Configure your router to spoof your computer’s MAC address. This can be done in the Basic Settings menu. Refer to “Manually Configuring Your Internet Connection” on page 3-15.
Reference Manual for the Model DG834 ADSL Firewall Router A DNS server is a host on the Internet that translates Internet names (such as www addresses) to numeric IP addresses. Typically your ISP will provide the addresses of one or two DNS servers for your use. If you entered a DNS address during the router’s configuration, reboot your computer and verify the DNS address as described in “Verifying TCP/IP Properties” on page C-6.
Reference Manual for the Model DG834 ADSL Firewall Router • Wrong physical connections — Make sure the LAN port LED is on. If the LED is off, follow the instructions in “LAN or WAN Port LEDs Not On” on page 7-2. — Check that the corresponding Link LEDs are on for your network interface card and for the hub ports (if any) that are connected to your workstation and router.
Reference Manual for the Model DG834 ADSL Firewall Router Restoring the Default Configuration and Password This section explains how to restore the factory default configuration settings, changing the router’s administration password to password and the IP address to 192.168.0.1. You can erase the current configuration and restore factory defaults in two ways: • Use the Erase function of the Web Configuration Manager (see “Backing Up, Restoring, or Erasing Your Settings” on page 5-1).
Reference Manual for the Model DG834 ADSL Firewall Router 7-10 Troubleshooting
Appendix A Technical Specifications This appendix provides technical specifications for the DG834 ADSL Firewall Router.
Reference Manual for the Model DG834 ADSL Firewall Router LAN: 10BASE-T or 100BASE-Tx, RJ-45 WAN: ADSL, Dual RJ-11, pins 2 and 3 T1.413, G.DMT, G.
Appendix B Network and Routing Basics This chapter provides an overview of IP networks and routing. Related Publications As you read this document, you may be directed to various RFC documents for further information. An RFC is a Request For Comment (RFC) published by the Internet Engineering Task Force (IETF), an open organization that defines the architecture and operation of the Internet. The RFC documents outline and define the standard protocols and procedures for the Internet.
Reference Manual for the Model DG834 ADSL Firewall Router Routing Information Protocol One of the protocols used by a router to build and maintain a picture of the network is the Routing Information Protocol (RIP). Using RIP, routers periodically update one another and check for changes to add to the routing table. The DG834 ADSL router supports both the older RIP-1 and the newer RIP-2 protocols. Among other improvements, RIP-2 supports subnet and multicast protocols.
Reference Manual for the Model DG834 ADSL Firewall Router Class A Network Node Class B Network Node Class C Network Node Figure 7-1: Three Main Address Classes The five address classes are: • Class A Class A addresses can have up to 16,777,214 hosts on a single network. They use an eight-bit network number and a 24-bit node number. Class A addresses are in this range: 1.x.x.x to 126.x.x.x. • Class B Class B addresses can have up to 65,354 hosts on a network.
Reference Manual for the Model DG834 ADSL Firewall Router This addressing structure allows IP addresses to uniquely identify each physical network and each node on each physical network. For each unique value of the network portion of the address, the base address of the range (host address of all zeros) is known as the network address and is not usually assigned to a host.
Reference Manual for the Model DG834 ADSL Firewall Router Subnet addressing allows us to split one IP network address into smaller multiple physical networks known as subnetworks. Some of the node numbers are used as a subnet number instead. A Class B address gives us 16 bits of node numbers translating to 64,000 nodes. Most organizations do not use 64,000 nodes, so there are free bits that can be reassigned. Subnet addressing makes use of those bits that are free, as shown below.
Reference Manual for the Model DG834 ADSL Firewall Router The following table lists the additional subnet mask bits in dotted-decimal notation. To use the table, write down the original class netmask and replace the 0 value octets with the dotted-decimal value of the additional subnet bits. For example, to partition your Class C network with subnet mask 255.255.255.0 into 16 subnets (4 bits), the new subnet mask becomes 255.255.255.240. Table 7-1.
Reference Manual for the Model DG834 ADSL Firewall Router NETGEAR strongly recommends that you configure all hosts on a LAN segment to use the same netmask for the following reasons: • So that hosts recognize local IP broadcast packets When a device broadcasts to its segment neighbors, it uses a destination address of the local network address with all ones for the host address. In order for this scheme to work, all devices on the segment must agree on which bits comprise the host address.
Reference Manual for the Model DG834 ADSL Firewall Router The router accomplishes this address sharing by translating the internal LAN IP addresses to a single address that is globally unique on the Internet. The internal LAN IP addresses can be either private addresses or registered addresses. For more information about IP address translation, refer to RFC 1631, The IP Network Address Translator (NAT). The following figure illustrates a single IP address operation.
Reference Manual for the Model DG834 ADSL Firewall Router MAC Addresses and Address Resolution Protocol An IP address alone cannot be used to deliver data from one LAN device to another. To send data between LAN devices, you must convert the IP address of the destination device to its media access control (MAC) address. Each device on an Ethernet network has a unique MAC address, which is a 48-bit number assigned to each device by the manufacturer.
Reference Manual for the Model DG834 ADSL Firewall Router When a PC accesses a resource by its descriptive name, it first contacts a DNS server to obtain the IP address of the resource. The PC sends the desired message using the IP address. Many large organizations, such as ISPs, maintain their own DNS servers and allow their customers to use the servers to look up addresses. IP Configuration by DHCP When an IP-based local area network is installed, each PC must be configured with an IP address.
Reference Manual for the Model DG834 ADSL Firewall Router What is a Firewall? A firewall is a device that protects one network from another, while allowing communication between the two. A firewall incorporates the functions of the NAT router, while adding features for dealing with a hacker intrusion or attack. Several known types of intrusion or attack can be recognized when they occur.
Reference Manual for the Model DG834 ADSL Firewall Router . Table B-1. UTP Ethernet cable wiring, straight-through Pin Wire color Signal 1 Orange/White Transmit (Tx) + 2 Orange Transmit (Tx) - 3 Green/White Receive (Rx) + 4 Blue 5 Blue/White 6 Green 7 Brown/White 8 Brown Receive (Rx) - Category 5 Cable Quality Category 5 distributed cable that meets ANSI/EIA/TIA-568-A building wiring standards can be a maximum of 328 feet (ft.
Reference Manual for the Model DG834 ADSL Firewall Router Inside Twisted Pair Cables For two devices to communicate, the transmitter of each device must be connected to the receiver of the other device. The crossover function is usually implemented internally as part of the circuitry in the device. Computers and workstation adapter cards are usually media-dependent interface ports, called MDI or uplink ports.
Reference Manual for the Model DG834 ADSL Firewall Router Figure B-3: Category 5 UTP Cable with Male RJ-45 Plug at Each End Note: Flat “silver satin” telephone cable may have the same RJ-45 plug. However, using telephone cable results in excessive collisions, causing the attached port to be partitioned or disconnected from the network.
Reference Manual for the Model DG834 ADSL Firewall Router The DG834 ADSL router incorporates Auto UplinkTM technology (also called MDI/MDIX). Each LOCAL Ethernet port will automatically sense whether the Ethernet cable plugged into the port should have a normal connection (e.g. connecting to a PC) or an uplink connection (e.g. connecting to a router, switch, or hub). That port will then configure itself to the correct configuration.
Reference Manual for the Model DG834 ADSL Firewall Router B-16 Network and Routing Basics
Appendix C Preparing Your Network This appendix describes how to prepare your network to connect to the Internet through the DG834 ADSL Firewall Router and how to verify the readiness of broadband Internet service from an Internet service provider (ISP).
Reference Manual for the Model DG834 ADSL Firewall Router In your IP network, each PC and the router must be assigned a unique IP addresses. Each PC must also have certain other IP configuration information such as a subnet mask (netmask), a domain name server (DNS) address, and a default gateway address. In most cases, you should install TCP/ IP so that the PC obtains its specific network configuration information automatically from a DHCP server during bootup.
Reference Manual for the Model DG834 ADSL Firewall Router You must have an Ethernet adapter, the TCP/IP protocol, and Client for Microsoft Networks. Note: It is not necessary to remove any other network components shown in the Network window in order to install the adapter, TCP/IP, or Client for Microsoft Networks. If you need to install a new adapter, follow these steps: a. Click the Add button. b. Select Adapter, and then click Add. c.
Reference Manual for the Model DG834 ADSL Firewall Router If you need Client for Microsoft Networks: 3. a. Click the Add button. b. Select Client, and then click Add. c. Select Microsoft. d. Select Client for Microsoft Networks, and then click OK. Restart your PC for the changes to take effect.
Reference Manual for the Model DG834 ADSL Firewall Router Verify the following settings as shown: • Client for Microsoft Network exists • Ethernet adapter is present • TCP/IP is present • Primary Network Logon is set to Windows logon Click on the Properties button. The following TCP/IP Properties window will display.
Reference Manual for the Model DG834 ADSL Firewall Router • By default, the IP Address tab is open on this window. • Verify the following: Obtain an IP address automatically is selected. If not selected, click in the radio button to the left of it to select it. This setting is required to enable the DHCP server to automatically assign an IP address. • Click OK to continue. Restart the PC. Repeat these steps for each PC with this version of Windows on your network.
Reference Manual for the Model DG834 ADSL Firewall Router 2. Type winipcfg, and then click OK. The IP Configuration window opens, which lists (among other things), your IP address, subnet mask, and default gateway. 3. From the drop-down box, select your Ethernet adapter. The window is updated to show your settings, which should match the values below if you are using the default TCP/IP settings that NETGEAR recommends for connecting through a router or gateway: • The IP address is between 192.168.0.
Reference Manual for the Model DG834 ADSL Firewall Router DHCP Configuration of TCP/IP in Windows XP, 2000, or NT4 You will find there are many similarities in the procedures for different Windows systems when using DHCP to configure TCP/IP. The following steps will walk you through the configuration process for each of these versions of Windows. DHCP Configuration of TCP/IP in Windows XP Locate your Network Neighborhood icon. • Select Control Panel from the Windows XP new Start Menu.
Reference Manual for the Model DG834 ADSL Firewall Router • Now you should be at the Local Area Network Connection Status window. This box displays the connection status, duration, speed, and activity statistics. • Administrator logon access rights are needed to use this window. • Click the Properties button to view details about the connection. • The TCP/IP details are presented on the Support tab page. • Select Internet Protocol, and click Properties to view the configuration information.
Reference Manual for the Model DG834 ADSL Firewall Router • Verify that the Obtain an IP address automatically radio button is selected. • Verify that Obtain DNS server address automatically radio button is selected. • Click the OK button. This completes the DHCP configuration of TCP/ IP in Windows XP. Repeat these steps for each PC with this version of Windows on your network.
Reference Manual for the Model DG834 ADSL Firewall Router • Click on the My Network Places icon on the Windows desktop. This will bring up a window called Network and Dial-up Connections. • Right click on Local Area Connection and select Properties. • The Local Area Connection Properties dialog box appears. • Verify that you have the correct Ethernet card selected in the Connect using: box.
Reference Manual for the Model DG834 ADSL Firewall Router • With Internet Protocol (TCP/IP) selected, click on Properties to open the Internet Protocol (TCP/IP) Properties dialogue box. • Verify that • Obtain an IP address automatically is selected. • Obtain DNS server address automatically is selected. • Click OK to return to Local Area Connection Properties. • Click OK again to complete the configuration process for Windows 2000. Restart the PC.
Reference Manual for the Model DG834 ADSL Firewall Router DHCP Configuration of TCP/IP in Windows NT4 Once you have installed the network card, you need to configure the TCP/IP environment for Windows NT 4.0. Follow this procedure to configure TCP/IP with DHCP in Windows NT 4.0. • Choose Settings from the Start Menu, and then select Control Panel. This will display Control Panel window. • Double-click the Network icon in the Control Panel window. The Network panel will display.
Reference Manual for the Model DG834 ADSL Firewall Router • Highlight the TCP/IP Protocol in the Network Protocols box, and click on the Properties button.
Reference Manual for the Model DG834 ADSL Firewall Router • The TCP/IP Properties dialog box now displays. • Click the IP Address tab. • Select the radio button marked Obtain an IP address from a DHCP server. • Click OK. This completes the configuration of TCP/IP in Windows NT. Restart the PC. Repeat these steps for each PC with this version of Windows on your network. Verifying TCP/IP Properties for Windows XP, 2000, and NT4 To check your PC’s TCP/IP configuration: 1.
Reference Manual for the Model DG834 ADSL Firewall Router • 4. The default gateway is 192.168.0.1 Type exit Configuring the Macintosh for TCP/IP Networking Beginning with Macintosh Operating System 7, TCP/IP is already installed on the Macintosh. On each networked Macintosh, you need to configure TCP/IP to use DHCP. MacOS 8.6 or 9.x 1. From the Apple menu, select Control Panels, then TCP/IP. The TCP/IP Control Panel opens: 2. From the “Connect via” box, select your Macintosh’s Ethernet interface.
Reference Manual for the Model DG834 ADSL Firewall Router 2. If not already selected, select Built-in Ethernet in the Configure list. 3. If not already selected, Select Using DHCP in the TCP/IP tab. 4. Click Save. Verifying TCP/IP Properties for Macintosh Computers After your Macintosh is configured and has rebooted, you can check the TCP/IP configuration by returning to the TCP/IP Control Panel. From the Apple menu, select Control Panels, then TCP/IP.
Reference Manual for the Model DG834 ADSL Firewall Router Verifying the Readiness of Your Internet Account For broadband access to the Internet, you need to contract with an Internet service provider (ISP) for a single-user Internet access account using a cable modem or DSL modem. This modem must be a separate physical box (not a card) and must provide an Ethernet port intended for connection to a Network Interface Card (NIC) in a computer. Your router does not support a USB-connected broadband modem.
Reference Manual for the Model DG834 ADSL Firewall Router • An IP address and subnet mask • A gateway IP address, which is the address of the ISP’s router • One or more domain name server (DNS) IP addresses • Host name and domain suffix For example, your account’s full server names may look like this: mail.xxx.yyy.com In this example, the domain suffix is xxx.yyy.com. If any of these items are dynamically supplied by the ISP, your router automatically acquires them.
Reference Manual for the Model DG834 ADSL Firewall Router If an IP address appears under Installed Gateways, write down the address. This is the ISP’s gateway address. Select the address and then click Remove to remove the gateway address. 6. Select the DNS Configuration tab. If any DNS server addresses are shown, write down the addresses. If any information appears in the Host or Domain information box, write it down. Click Disable DNS. 7.
Reference Manual for the Model DG834 ADSL Firewall Router Restarting the Network Once you have set up your computers to work with the router, you must reset the network for the devices to be able to communicate correctly. Restart any computer that is connected to the firewall. After configuring all of your computers for TCP/IP networking and restarting them, and connecting them to the local network of your DG834 ADSL router, you are ready to access and configure the router.
Reference Manual for the Model DG834 ADSL Firewall Router C-22 Preparing Your Network
Glossary 10BASE-T IEEE 802.3 specification for 10 Mbps Ethernet over twisted pair wiring. 100BASE-Tx IEEE 802.3 specification for 100 Mbps Ethernet over twisted pair wiring. 802.11b IEEE specification for wireless networking at 11 Mbps using direct-sequence spread-spectrum (DSSS) technology and operating in the unlicensed radio spectrum at 2.5GHz. 802.
Reference Manual for the Model DG834 ADSL Firewall Router 2 Cat 5 Category 5 unshielded twisted pair (UTP) cabling. An Ethernet network operating at 10 Mbits/second (10BASE-T) will often tolerate low quality cables, but at 100 Mbits/second (10BASE-Tx) the cable must be rated as Category 5, or Cat 5 or Cat V, by the Electronic Industry Association (EIA). This rating will be printed on the cable jacket.
Reference Manual for the Model DG834 ADSL Firewall Router IP Address A four-byte number uniquely defining each host on the Internet. Ranges of addresses are assigned by Internic, an organization formed for this purpose. Usually written in dotted-decimal notation with periods separating the bytes (for example, 134.177.244.57). IPSec Internet Protocol Security. IPSec is a series of guidelines for securing private information transmitted over public networks.
Reference Manual for the Model DG834 ADSL Firewall Router 4 Netmask A number that explains which part of an IP address comprises the network address and which part is the host address on that network. It can be expressed in dotted-decimal notation or as a number appended to the IP address. For example, a 28-bit mask starting from the MSB can be shown as 255.255.255.192 or as /28 appended to the IP address.
Reference Manual for the Model DG834 ADSL Firewall Router router A device that forwards data between networks. An IP router forwards data based on IP source and destination addresses. Routing Information Protocol A protocol in which routers periodically exchange information with one another so that they can determine minimum distance paths between sources and destinations. SSID A Service Set Identification is a thirty-two character (maximum) alphanumeric key identifying a wireless local area network.
Reference Manual for the Model DG834 ADSL Firewall Router WPA 6 Wi-Fi Protected Access (WPA) is a specification of standards-based, interoperable security enhancements that increase the level of data protection and access control for existing and future wireless LAN systems.
