The Netgear DG834 is Netgear's replacement for the venerable DG814 four port router. Visually other than the different model number and the word firewall there is nothing to distinguish the two devices. The DG834 provides an ADSL modem with built-in router, and a 4 port 10/100Mbps Ethernet switch for connecting up to four computers, although of course more computers can be added by uplinking the router to an additional Ethernet hub/switch. The Netgear DG834G is essentially the same router but with additional of 802.11g wireless support.
The DG834 is an advance on the old basic DG814 in that it has the same type of firewall as the older DG824M wireless router, which allows users to control both inbound and outbound connections. The router's main features are:
The router includes support for ADSL2 which gives it a longer lifetime. This is in part due to the use of a Texas Instruments chipset that forms the core of the router.
The router in its default set-up has NAT enabled which is the configuration scenario this review focuses on. It handles both single static or dynamic IP address services, and following AOL's addition of router support, it should also work with their ADSL service. For users who have a block of static IP addresses there is the ability to switch off the NAT component, and run the router in a numbered IP mode.
The router comes with what by now is the standard selection of goodies from Netgear. This means you get the router, a good quality micro-filter, 3 metre RJ-11 ADSL modem lead, 3 metre Ethernet patch cable, warranty card, quick set-up guide, CD-ROM containing the manual and a fairly standard power brick. The power supply is the usual Netgear 15VAC 1Amp unit, which gets about as warm as the router itself, but never dangerously hot.
The rear of the router comprises the expected selection of sockets. Travelling from left to right we have: power socket, four Ethernet ports which are 10/100 auto-sensing/auto-uplink, a recessed reset button, and finally the RJ11 socket for plugging into the phone line. The rear panel has no air vents as they are all located in the top of the case. The underside has two screw holes that allow for wall mounting of the unit, and for those curious to see inside without breaching your warranty, the circuit board is shown below. The picture of the PCB reveals that the DG834 is a DG834G wireless router, with the wireless network card missing, alas since the card slot is internal to the case there is no supported upgrade path between the DG834 and DG834G.
The configuration of the DG834 router works in exactly the same way as the previous DG814 and DG824M models. In fact, the user interface is almost identical to the DG824M router. The simplest way to configure the router is to connect one computer to it using the supplied Ethernet patch lead, and then switch the router on, the router should issue an IP address to the computer's Ethernet network card via DHCP. For those wanting to set their network card up manually, the router's default IP address is 192.168.0.1, which means you need to set an IP address in the range 192.168.0.2 - 192.168.0.254 on your computer with a subnet mask of 255.255.255.0, and set the gateway and DNS fields to 192.168.0.1.
Assuming the computer has received an IP address in the 192.168.0.x range, then the next step is to point your web browser at http://192.168.0.1/. Your web browser will now ask for a username and password (the defaults are admin and password respectively). If the web browser does not display a web page, ensure that you have no proxy clients defined in your browser, and that Internet Explorer that it is set to 'never dial a connection' in its Internet Options window.
If the basic connection and issuing of an IP address has worked then you should see the screen above. Now is the time to connect the router to the ADSL line, and after around 20 seconds you should see something like the screen below. In this case it shows the router is connected to a 1Mbps ADSL line, but no IP address has been issued by the ISP because we have not supplied a username or password.
The simplest way to set-up the various ADSL parameters and ISP details is to use the Netgear set-up wizard, and let it auto-detect the connection type. The wizard cycles the router through the built in defaults that it expects for a UK based connection, and once the process is finished you are prompted for a username and password.
The example here shows the bt_test@startup_domain login, a generic account available to all ADSL users who are using a BT Wholesale IPStream based service. This test login is useful if you need to check whether your ISP supplied login details are correct, or you have set-up your ADSL hardware wrong. For users of the BT Broadband and BT Yahoo ADSL services that do not require a password, the DG834's interface is happy with a blank password field.
If you have your ISP supplied username and password enter these and click the 'Test' button. The router will then attempt to log you onto your ISP, and navigate to the following web page. Since the bt_test@startup_domain login only allows access to a small intranet the Test button will fail.
The router status page should also now display your ISP assigned IP address. Note how you have not had to supply any details other than the username and password. At this point since you have an IP address from your ISP you should be able to access the Internet as well as send and receive email etc. The more advanced options in the router will be covered in the next few sections of the review. What this screenshot does not show is that the router has successfully auto-detected the VPI/VCI values for the line, i.e. 0/38.
Port forwarding (also called virtual server on some routers), is the method whereby rather than throwing away unwanted incoming traffic you can direct selected packets to a specified port on a computer. Examples of this, are running a web server, or remotely accessing a computer using PC Anywhere, file transfers in IRC, etc. Some games even require ports forwarded so that you can play with other users on-line.
The Netgear DG834 follows the previous Netgear tradition of combining the firewall and port forwarding into a single arrangement. The router has a list of predefined services and you simply define how these are used, in either the inbound or outbound direction. In its default state the DG834 has all incoming unsolicited traffic blocked and all outgoing traffic allowed, the standard NAT behaviour. You can restrict the outgoing traffic by adding rules allowing or denying traffic on the outbound services section. To make a web server visible to the outside world for example you would add the HTTP service to the inbound services section.
The screenshot above shows three services added to the inbound rule set. These rules allow a web and mail server running on the local static IP address at 192.168.0.200 the ability to serve content to users from the Internet. The HTTP and SMTP services are predefined as selectable services in the router whilst the POP3 service was added as a custom service via the Services menu, as shown below.
The service name can be anything you choose. The important part when defining a service is to specify the correct protocol, which is a choice of TCP, UDP or TCP & UDP. The Netgear is good in that it allows you to specify a range of ports for a specific service. Once you have clicked apply then to actually make use of this custom service you need to click the ADD button on the firewall page for the appropriate rule set.
Adding a rule to the firewall is fairly straightforward and relatively jargon free compared to some routers. The options shown above allow you to select the service you wish to add. The Action selection determines whether you are going to allow this service through, or block it. The Lan Server option is where you specify what machine on your LAN you wish to send the packets to. When adding a rule to the outbound rule set, you can specify whether the rule applies to a single computer or a range of IP addresses. One useful feature is that you can restrict what IP addresses can access any services you are running, thus allowing you to restrict which IP addresses on the Internet can access particular services (e.g. you can only use VNC from the office)
Of course there is little point in having a firewall in a router if you do not make use of it. The default rules protect you from the vast majority of problems, but many users like to restrict what actual Internet access some machines have. The problem is finding out which ports need to be blocked in the outbound direction. One easy way to find this out with the DG834 is to add a rule that duplicates the default outbound rule, but actually logs all the traffic. As you can see in the screenshot the only difference is that the Log option has been set to always, you can then view what traffic is logged via the logs menu. Alternatively you can setup the E-mail section of the router to send the logs to an email account.
Above is a fragment from a log, that shows some outgoing traffic logged. This log actually was generated just at the point at which MS Messenger was told to login from the machine 192.168.0.2, and shows that application sending UDP packets on port 7001 to a server on the Internet, so now you can see which ports to block if you want to prevent MS Messenger logon, i.e. Outbound UDP port 7001. The clever part is that you can use the schedule functionality of the router to create rules that will block certain applications at a certain time of day. Combine this with carefully thought out firewall rules and you have the ability to lock down or open up specific parts of the Internet for other users on your network.
The Netgear DG834 performs very well with an average level of Internet usage, but we found that if you run some of the major peer-to-peer (p2p) applications it can cause other applications to become slug-like in their speed of operating, sometimes requiring multiple clicks for web pages to refresh, this is even with the P2P application having its bandwidth use limited. Normal speed tests and downloads show the router is up to the task of running with a 1Mbps line, and was happy with serving content from a mail and web server.
Since its release in November 2003, the Netgear DG834 has had a chequered history with multiple firmware releases. It is often the case that DG834 and DG834G users find that one firmware will perform better for them than others, so do not always assume the latest firmware is the best for you. Over the course of the review various versions have been used, but final testing was with version 1.04.04. The problems users and our tests have encountered are mainly random disconnects and not always reconnecting after an ISP outage. During testing, we often configure a router to our specification and leave it untouched for longer periods. In the case of the DG834, we generally experienced no problems for about a week before needing human intervention, so it is not an ideal router for someone who travels a lot and wants to have remote access to computers at home or remote access for work.
The UPnP feature is enabled by default on the DG834, but can be turned off if you wish via the UPnP menu. To test its functionality MS Messenger 6.1 was run on a XP machine behind the router, and another computer using a dial-up connection. Two way video and audio conferencing worked as one would expect, and you could see the multiple ports Messenger was using via the UPnP menu on the router.
Gaming appears to be nice and stable with Counter-Strike incorporating Steam seeming to work well and in-game pings running at around 29ms to UK servers. Even with some limited use of the connection on the local network, ping responses using the bt_test@startup_domain username to first hop were pleasantly low.
|Modem||Average Ping Time (ms)|
|EA 900 USB||21|
|Thomson 510 v4||13|
|BT Voyager 2000||16|
|BT Home Network 1200||16|
Based upon 100 pings to first hop using bt_test@startup_domain username
One issue to note with the DG834 family is the fact that the Denial of Service protection is enabled by default and can result in some online security scanners misreporting what the state of the various ports are, since the DoS protection kicks in and assumes someone is port scanning you. For example with several ports open and services running, some scans reported these services as invisible when the DoS protection was on while disabling the protection resulted in the ports showing up correctly. The security scans of the router did not show up any ports open on the Internet side when the router was in its default state, which is what you would expect from a good NAT router.
In the 12 months since the last Netgear review on ADSLguide, pricing for ADSL hardware has plummeted. The DG834 is now available for around £60 from various online retailers. This low price represents good value for money, and now that the firmware for the DG834 has almost settled down, the router is a pretty attractive proposition.
Hardcore users may not find the router quite to their taste as it lacks some of the flexibility available in other products, but for the vast number of people starting out in the ADSL arena, this router offers a very easy set-up and a gentle introduction into managing a hardware firewall. Also since the interface of the router is so similar to the DG814 and DG824M models, there are many people who can give peer advice on how to use the kit. One thing missing from the router's interface that we would like to see corrected, is the display of the attenuation and signal to noise ratio (SNR) figures, so that users can see how stable their line is, and with the growing popularity of 1Mbps and 2Mbps, users increasingly want to know if their line is capable of it.
To give a short and sweet summary: Great piece of hardware for a first time user let down by some stability issues, but hopefully newer firmware will address this. Even with the various problems users have seen, the downtime this has caused during the review is perhaps measured as a minute or two every couple of weeks.
£60 (Street price - June 2004) . Netgear DG834
Prices listed are excluding postage and VAT.
|Where to Buy:||See our DSL Hardware FAQ|