In the olden days (okay, maybe just a few years ago), if your business wanted Internet access for multiple users, you would need either a high-speed digital line (like T1 or Fractional T1) or a modem and Internet account for each user. Both methods had problems. T1s can carry costly monthly charges, and separate Internet access for each user leaves the organization open to many security risks. While it’s true that ISDN is available, its availability is limited and its installation is sometimes complex. In come broadband and broadband-enabled routers. Monthly broadband Internet access charges are reasonable. Broadband routers are not very expensive, allow businesses to connect multiple PCs to the Internet using one account, are relatively easy to install, and offer some form of perimeter security. There are dozens of broadband routers on the market today. One such router is made by NETGEAR, a former Nortel subsidiary.
NETGEAR’s RT314 Cable/DSL Router (Figure A) has a built-in four-port 10/100 full-duplex switch, which means you can connect up to four PCs directly to the router without the need for a separate hub or switch. The router also has browser-based management and basic firewall support, can act as either a DHCP client or a DHCP server, and supports PPPoE. One important feature of this, or any router for that matter, is its ability to hide your internal network from the prying eyes of the Internet through IP masquerading, also referred to as network address translation (NAT). You can find an excellent explanation of IP masquerading here.
Figure A: The four-port NETGEAR RT314 broadband router has excellent features for small businesses.
Setting up the NETGEAR RT314
Before setting up this router, determine if you will need to enable the router’s DHCP client feature. If your ISP has assigned you an IP address that does not change (a static address), then you will need to turn off the DHCP client. You will also need to know the DNS and gateway settings for your Internet connection. Finally, unless you already have a DHCP server on your network, you should leave the DHCP server feature enabled.
If your IP address is dynamic (chances are if your ISP never mentioned anything to you about IP addresses, DNS servers, or gateways, then you’re using dynamic addressing), be sure to leave the DHCP client feature enabled. Again, depending on your network configuration, either turn off or turn on the DHCP server.
Installation and setup of this unit is pretty straightforward. First connect your cable modem or DSL modem to the router’s Internet port and an Ethernet cable from your hub to the Local port on the router. The router comes preconfigured as a DHCP server with a default TCP/IP address of 192.168.1.1. If not already done, configure your PC to obtain an IP address from a DHCP server and then reboot the machine. NETGEAR’s RT314 comes with a handy browser-based setup and configuration wizard that walks you through a basic setup of the router. You can’t use the wizard to access the more advanced settings of the router, though. For that, you need to use a serial or Telnet connection. So fire up your favorite Web browser and enter the router’s default IP address in the address bar. Then you’ll see the introduction screen for the router’s configuration wizard (Figure B).
Figure B: Use the Wizard Setup to get up and running quickly.
Clicking Wizard Setup brings you to the wizard’s General Settings screen. Enter the username assigned to you by your ISP and your ISP’s domain name. In most instances, if you don’t enter a domain name, the router will do it automatically. However, if the router can’t resolve the name, you’ll need to enter it manually. Then, click Next. At this screen, enter your connection-specific information.
Generally, in the ISP Parameters screen, you can leave the Encapsulation settings and Service settings at their defaults. However, some ISPs require that you log on with a username and password. If this is the case, you’ll need to contact your ISP to get the correct information before you can continue. (Some Road Runner users are required to use a separate Road Runner login program. NETGEAR has cleverly built its router to handle these situations. The configuration wizard will walk you through how to do this.) Clicking Next brings you to the wizard’s last screen.
Here, you will configure your WAN parameters. This is where the DHCP settings come into play. If you need MAC address spoofing, you can enable it here. Some ISPs record the MAC address of the network card that sends traffic across their network. They record this information the first time you connect to their service. Once they have that address, any computer using your Internet connection must use that original address. MAC address spoofing lets the router present that initial MAC address as its own (Figure C).
Figure C: You can change the router’s MAC address.
At this point, you’re finished with the basic configuration. If you need a more advanced configuration, let’s say to set up port mappings or the DHCP server, you’ll need to access the manager interface through a Telnet or serial connection. Making these connections is explained in detail in the user manual.
Setting up filters
Filters are used to prevent unauthorized access to your network. All data that is sent through a network is sent in the form of packets. At the beginning of each packet is a header, which states where the packet came from, where it’s going, and what type of packet it is. The rest of the packet, called the body, contains the actual data that is being transmitted. A packet filter looks at the header of each packet as it rides along the network. The filter then drops, accepts, or rejects the packet based on your settings.
The NETGEAR RT314 includes two types of filters, the IP protocol filter and the generic filter. The IP protocol filter screens packets based upon the IP address and port information contained within the packet. The generic filter looks for a specific pattern of bytes enclosed within a data packet. To configure IP filters, you must specify TCP/UDP ports and protocols by their assigned numbers instead of by their names. That means you would need to specify Port 25 for SMTP, Port 110 for POP, Port 53 for DNS, and so on. A list of well-known protocols and port numbers can be found here. Many common port numbers are also listed on any Windows 9x PC in a file called Services, located in the \Windows directory. You can find this same file on a Windows 2000 or NT computer in the \Winnt\System\Drivers\Etc directory.
As with any filter rule, an action is taken by the router depending on whether the conditions of the rule are met. For instance, you could tell the router to reject any packets being directed to Port 23 that come from the Internet and to accept any packets that come from your local network. To configure a rule, you would choose option 21 from the Manager Interface main menu, select the filter you wish to configure, and enter a name for the filter. Pressing [Enter] brings you to the Filter Rules Summary screen.
You would use the Filter Rules Summary screen to view which rules are set up on the router, the status of each filter, and to edit a newly created or existing filter. Looking at Figure D, you can see that this router’s first rule is active and that it is an IP filter rule. You can also see that this rule acts on protocol 6, which is the TCP protocol. (Don’t get protocol numbers confused with port numbers; check here for a list of protocol numbers.) This rule tells the router to drop all packets (regardless of source IP address or destination IP address) that are directed towards port 137—the NetBIOS port—a well-known point of attack by many a hacker.
Figure D: Secure your network using filter sets.
The RT314 comes with three filter rules already set up—NetBIOS WAN, NetBIOS LAN, and TELNET_FTP_WAN. These filter sets help to plug up some of the security holes inherent to a Windows system. For an in-depth explanation of these and other security risks, visit Steve Gibson’s ShieldsUP! Web site.
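The header-based filtering described above can be sketched in a few lines of Python. This is an added example, not RT314 firmware or its menu syntax: the Rule fields, the first-match ordering, the default action and the sample packets are all assumptions constructed for illustration, modelled on the article's port 137 and port 23 rules.

```python
import socket
import struct
from dataclasses import dataclass
from typing import Optional

TCP, UDP = 6, 17  # IP protocol numbers, not port numbers

@dataclass
class Rule:
    name: str
    protocol: Optional[int]   # None matches any protocol
    dst_port: Optional[int]   # None matches any port
    interface: Optional[str]  # "wan", "lan", or None for both
    action: str               # "drop", "reject" or "accept"

def parse_header(packet: bytes):
    """Return (protocol, dst_port); dst_port is None when there is no port to read."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4              # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    protocol = packet[9]
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    # Only the first fragment of a TCP/UDP packet carries the port fields.
    if protocol in (TCP, UDP) and frag_offset == 0 and len(packet) >= ihl + 4:
        return protocol, struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return protocol, None

def decide(rules, packet, interface, default="accept"):
    """First matching rule wins (assumed); unmatched packets get the default."""
    protocol, dst_port = parse_header(packet)
    for r in rules:
        if (r.protocol in (None, protocol) and r.dst_port in (None, dst_port)
                and r.interface in (None, interface)):
            return r.action, r.name
    return default, None

def make_packet(protocol, dst_port, src="203.0.113.5", dst="192.168.1.10"):
    """Constructed 28-byte test packet: IPv4 header (checksum zero) plus ports."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, protocol, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + struct.pack("!HHI", 40000, dst_port, 0)

# Constructed rules modelled on the article's two examples.
RULES = [
    Rule("netbios-tcp-137", TCP, 137, None, "drop"),
    Rule("telnet-from-wan", TCP, 23, "wan", "reject"),
]
```

Running a UDP packet for port 137 through these rules returns the default action, because a rule keyed on protocol 6 matches TCP only; covering the same port number over UDP takes a second rule with protocol 17.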
After you configure your filters, set up any client PCs so that they can access the router and you’re finished. If any of your connected PCs aren’t able to access the Internet, check the network settings on the router and on the PC. If you’re using static IP addressing, make sure the IP, DNS, and gateway addresses are pointing to the correct machines. If you’re using DHCP, make sure your DHCP server’s settings are correct.
The NETGEAR Model RT314 Cable/DSL Router is a complete and well-rounded product. Initial configuration is a breeze thanks to the configuration wizard, and securing your network is not much more difficult. The IP firewall capability offered in this product is at a level not found in most of the similarly priced broadband routers. Those with some basic knowledge of TCP/IP networking will find it easy to configure the filter sets. Those without this experience might be better off having someone else configure the firewall or opting to purchase a router like Linksys’ BEFSR41, which offers a much simpler firewall solution. If you’re in the market for a broadband Internet gateway, and you aren’t put off by protocols and ports, add the NETGEAR RT314 to your list of possibilities.