Alcatel Speedtouch modem

Introduction
This is an old HowTo, and my first. This information might be partially obsolete but the techniques used hold for more recent equipment in some case still - so I ported it after the wiki crash.

This guide is written for people who want to use an old (ethernet based) Alcatel Speedtouch ADSL modem under linux. The first part of the guide will tell you how to set up the uplink using the modem. After that, I'll explain how to turn the gentoo machine which controls the uplink into a internet router.

Note: This means this guide is NOT intended for the newer USB based modems called Speedtouch, this is about the type before the USB hype... If you need a guide for those modems go here: (TODO - Insert Link)

Prologue
Right now I have an old linux server (200Mhz Pentium) downstairs running SuSE 6.x which is hooked up to an Alcatel Speedtouch modem working as an internet router. Although an old modem, there seem to be numerous people who are still using this piece of history to connect to the internet.

There used to be a (dutch) site which had a prefab package to setup the modem, the server and set up a firewall. Unfortunately the site is gone now leaving people like me without a fresh installer to configure the Alcatel Speedtouch.

Back then my knowledge of linux was poor at best - I knew a few commands and I thought I was a big shot for getting SuSE to run and even route my ADSL traffic... Looking back I regret that I didn't know what I do now as I would probably be able to monitor the install scripts to be able to copy the behaviour and redo it on my new and shiny gentoo server.

While writing this I'm attempting to get the Speedtouch to work with Gentoo so hopefully this how-to is easy to follow as you will be doing the same things as I am.

How this is supposed to work
If you're no tech-wiz, skip the techno talk and simply follow the steps. For everybody else, this is how it should work when we're done.

The modem and the server have their own ethernet connection in the 10.0.0.x range. Over this network they will create a tunnel using ppp (to be exact synchronous pptp). This tunnel transports the actual internet traffic. Therefor, the endpoint of this tunnel is at the server and will have the public ip address. I will assume that the server has 2 network interfaces, one will be used for the network connection with the modem and the other will go towards your internal network.

IMPORTANT: I assume eth0 is the interface with is connected to the modem while eth1 is the interface connected to your lan. Also, the default configuration of the modem is to use address 10.0.0.138, which I will use in this howto.

To provide a bit of a complete manual I'll incorporate the set up of the network forwarding and NAT so you can use the internet from every system in your lan. To make the set up of all your computers easier I will also add a DHCP server.

Please note however that these are basic setups and not advanced guides for firewalling or DHCP servers. Please look to other guides for that kind of information.

Setting up the modem for first use
This is pretty much beyond the scope of this how-to. The fact that you are reading this means you already have an old Speedtouch which probably has been used before. If so, it also means the modem is set up properly and ready to go.

If not than I'd like to point you at Google - there has to be one person on this planet who has documented how to set up the modem for your ADSL provider.

For the lucky dutch speaking people here, you can look at this site which explains how to run the configuration for the modem: http://www.xs4all.nl/~rmeijer/adsl/

Setting up the system
We will first modify the system before setting up the software.

Setting up the kernel
I am using the 2.6.12.5 kernel so if you are uing a different kernel the options might differ a bit.

Make sure the following options are selected (either compiled in the kernel or as modules):

If you decide to compile the options as modules do not forget to add them to your /etc/modules.autoload.d/kernel-2.6 file. The modules will be called:


 * ppp_generic
 * ppp_synctty
 * ppp_async
 * ppp_deflate
 * bsd_comp

Example of what you should add to the autload when you compile the ppp support as modules.

Either load the modules now or reboot using your new kernel before continuing with compiling ppp.

Setting up the network
We now need to make sure the network is configured properly. As this server will be a DHCP server as well as a router we will set both network cards with static configuration.

Software setup
After these modifications we will now install and configure the 2 packages which will be used for the uplink

Getting and configuring PPP
Grab the ppp program by emerging it:

emerge ppp

Now fire up your favorite text editor and point it to the file with login information:

Replace the $USER and $PASSWORD with your own username and password you were given by your provider. Note: The username is usually in the form of user@provider. Note: The password is quoted, probably in case you have a password with weird character.

Right, we told ppp what to use during login but it would also be nice to have the actual connection to aply this knowledge. We will fix that now.

Create a new file in /etc/ppp/peers - I've called mine 'adsl' - and paste the following in it:

If you experience connection problems using synchronous mode (the default in the config above) try to set asynchronous mode (don't forget to load the async module as well!):

In both example configurations the $USER should be replaced with your own username for the ADSL login.

Explanation of the used options
In this section I'll explain in more detail what each option does. You can safely skip this if you don't care what everything does.

idle 0 This prevents the ppp damon from killing the connection after after a specified period of inactivity.

noauth Do not require the peer to authenticate itself - we're pretty sure the only thing on this network is the modem (not to mention the fact that the modem does not support this).

user $USER Obviously, use the login we just specified in the pap-secrets file.

usepeerdns We ask the modem to tell us the addresses of the dns servers of the network he connected to. These addresses will be passed along to the connection scripts when we start the uplink.

defaultroute As soon as the connection is initiated we set the remote gateway as our main gateway in the route table.

linkname adsl This is an optional argument which provides us with a pid file in /var/run as long as the connection is enabled. You can create scripts which use this to check if the internet connection is up and running.

persist When specified, this makes sure the connection is reinitiated as soon as it gets dropped. In a way your downtime should only be a second or so while the daemon restarts the uplink if something went wrong.

Getting PPTP
Now we need to grab pptp as we need it for the tunnel to the modem (ppp will go through pptp to log in).

emerge pptpclient

Testing the uplink
If everything went as it should we should now have a working uplink.

Simply fire up pppd with the right connection and run ifconfig to see if it worked:

pppd call adsl

Note: If you get something like:

Couldn't set tty to PPP discipline: Invalid argument

Make sure you have the synchronous tty module loaded or compiled into your kernel (I forgot this myself)

Looking at the last 4 lines you can see the connect succeeded. If you have copied my masquerading script you can now enter 'internet' on the console and manually configure your normal pc with an internal ip address and the dns addresses you can see in the output of pppd to go online!

Setting up internet for everybody
We now need to activate forwarding and masquerading.

I'll show the basic setup which simply activates it and also my own scripts which are a little more complex but also provide more options.

The basic masquerading setup
Use the following commands (or put them in a script) to start the internet routing and close the ports on the outside world:

iptables -F; iptables -t nat -F; iptables -t mangle -F iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE echo 1 > /proc/sys/net/ipv4/conf/all/forwarding iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -m state --state NEW -i ! eth0 -j ACCEPT iptables -A INPUT -p icmp -j ACCEPT iptables -P INPUT DROP

The 'better' masquerading setup
This is my own, custom script. It handles the masquerading, checks if the interface for internet is up (otherwise inserting rules would be pointless) and shows how to forward a port to an internal machine.

Note that I designed this with the main goal of being able to (re)start the firewall using a remote ssh login. Therefor it first strips the policies of the network to make sure we don't get shut out when the firewall comes up (and probably never finishes to come up as the script is stopped when the connection got killed).

I smacked this one in /usr/sbin so I can simply enter 'internet' and the routing would start.

Adding a bit of luxury: DHCP server
Start by emerging the dhcp server:

emerge dhcp

Edit the configuration in /etc/conf.d/dhcpd.conf and make it look something like this:

And start the dhcp server:

/etc/init.d/dhcp start

Finishing it
If all is well you now have your Alcatel Speedtouch online together with your gentoo server which now supplies the whole network with internet access!

Now all we need to do is make it all a bit more persistent as a reboot will wipe all that magic...

Now I suppose I could use all those fancy scripts that are present but quite frankly I don't care - its 3 AM here by now and I simply want this working and finished and I suppose you do as well.

The most simple solution is to slam it all in the local bootup scripts:

Now all we need is the DHCP server to come back alive after a reboot:

rc-update add dhcp default

There we go, the whole how-to to get your Alcatel Speedtouch back in action.