Gentoo Wiki


This article is part of the HOWTO series.
Installation Kernel & Hardware Networks Portage Software System X Server Gaming Non-x86 Emulators Misc



This is my first How-to so bear with me :-)

This guide is written for people who want to use an old (ethernet based) Alcatel Speedtouch ADSL modem under linux. The first part of the guide will tell you how to set up the uplink using the modem. After that, I'll explain how to turn the gentoo machine which controls the uplink into a internet router.

Note: This means this guide is NOT intended for the newer USB based modems called Speedtouch, this is about the type before the USB hype...
If you need a guide for those modems go here: HOWTO Speedtouch modem


Right now I have an old linux server (200Mhz Pentium) downstairs running SuSE 6.x which is hooked up to an Alcatel Speedtouch modem working as an internet router. Although an old modem, there seem to be numerous people who are still using this piece of history to connect to the internet.

There used to be a (dutch) site which had a prefab package to setup the modem, the server and set up a firewall. Unfortunately the site is gone now leaving people like me without a fresh installer to configure the Alcatel Speedtouch.

Back then my knowledge of linux was poor at best - I knew a few commands and I thought I was a big shot for getting SuSE to run and even route my ADSL traffic... Looking back I regret that I didn't know what I do now as I would probably be able to monitor the install scripts to be able to copy the behaviour and redo it on my new and shiny gentoo server.

While writing this I'm attempting to get the Speedtouch to work with gentoo so hopefully this how-to is easy to follow as you will be doing the same things as I am.

How this is supposed to work

If you're no tech-wiz, skip the techno talk and simply follow the steps. For everybody else, this is how it should work when we're done.

The modem and the server have their own ethernet connection in the 10.0.0.x range. Over this network they will create a tunnel using ppp (to be exact synchronous pptp). This tunnel transports the actual internet traffic. Therefor, the endpoint of this tunnel is at the server and will have the public ip address. I will assume that the server has 2 network interfaces, one will be used for the network connection with the modem and the other will go towards your internal network.

IMPORTANT: I assume eth0 is the interface with is connected to the modem while eth1 is the interface connected to your lan. Also, the default configuration of the modem is to use address, which I will use in this howto.

To provide a bit of a complete manual I'll incorporate the set up of the network forwarding and NAT so you can use the internet from every system in your lan. To make the set up of all your computers easier I will also add a DHCP server.

Please note however that these are basic setups and not advanced guides for firewalling or DHCP servers. Please look to other guides for that kind of information.

Warning: This implies that your server will be connected to the outside world without intervention of the modem: there is no firewall or anything between your server and the world wide web... Ponder about that for a while and I hope you understand the importance of a firewall or at least a simple iptable script that closes all the ports on the internet uplink.

Setting up the modem for first use

This is pretty much beyond the scope of this how-to. The fact that you are reading this means you already have an old Speedtouch which probably has been used before. If so, it also means the modem is set up properly and ready to go.

If not than I'd like to point you at Google - there has to be one person on this planet who has documented how to set up the modem for your ADSL provider.

For the lucky dutch speaking people here, you can look at this site which explains how to run the configuration for the modem:

Setting up the system

We will first modify the system before setting up the software.

Setting up the kernel

I am using the kernel so if you are uing a different kernel the options might differ a bit.

Make sure the following options are selected (either compiled in the kernel or as modules):

Linux Kernel Configuration: PPP Support
Device Drivers  --->
   Networking support  --->
     <M> PPP (point-to-point protocol) support
     <M>   PPP support for sync tty ports
     <M>   PPP support for async serial ports (optional - used when troubleshooting)
     <M>   PPP Deflate compression
     <M>   PPP BSD-Compress compression

If you decide to compile the options as modules do not forget to add them to your /etc/modules.autoload.d/kernel-2.6 file. The modules will be called:

Example of what you should add to the autload when you compile the ppp support as modules.

File: /etc/modules.autoload.d

Either load the modules now or reboot using your new kernel before continuing with compiling ppp.

Setting up the network

We now need to make sure the network is configured properly. As this server will be a DHCP server as well as a router we will set both network cards with static configuration.

File: /etc/conf.d/net
 # This is the connection to the modem
 config_eth0=(" netmask" )

 # This is the connection to the lan
 config_eth1=( " netmask" )

Setting up software

After these modifications we will now install and configure the 2 packages which will be used for the uplink

Getting and configuring PPP

Grab the ppp program by emerging it:

emerge ppp

For more information about using ppp for dialup connections see the Dialup Connection HOWTO:

Now fire up your favorite text editor and point it to the file with login information:

File: /etc/ppp/pap-secrets
# Secrets for authentication using PAP
# client        server  secret                  IP addresses
$USER           *       "$PASS"                 *

Replace the $USER and $PASSWORD with your own username and password you were given by your provider. Note: The username is usually in the form of user@provider. Note: The password is quoted, probably in case you have a password with weird character.

Right, we told ppp what to use during login but it would also be nice to have the actual connection to aply this knowledge. We will fix that now.

Create a new file in /etc/ppp/peers - I've called mine 'adsl' - and paste the following in it:

File: /etc/ppp/peers/adsl
idle 0
user $USER
linkname adsl

pty "/usr/sbin/pptp --nolaunchpppd --phone pc1 --sync"

If you experience connection problems using synchronous mode (the default in the config above) try to set asynchronous mode (don't forget to load the async module as well!):

File: /etc/ppp/peers/adsl
idle 0
user $USER
linkname adsl

pty "/usr/sbin/pptp --nolaunchpppd --phone pc1"

In both example configurations the $USER should be replaced with your own username for the ADSL login.

Explanation of the used options

In this section I'll explain in more detail what each option does. You can safely skip this if you don't care what everything does.

idle 0

This prevents the ppp damon from killing the connection after after a specified period of inactivity.


Do not require the peer to authenticate itself - we're pretty sure the only thing on this network is the modem (not to mention the fact that the modem does not support this).

user $USER

Obviously, use the login we just specified in the pap-secrets file.


We ask the modem to tell us the addresses of the dns servers of the network he connected to. These addresses will be passed along to the connection scripts when we start the uplink.


As soon as the connection is initiated we set the remote gateway as our main gateway in the route table.

linkname adsl

This is an optional argument which provides us with a pid file in /var/run as long as the connection is enabled. You can create scripts which use this to check if the internet connection is up and running.


When specified, this makes sure the connection is reinitiated as soon as it gets dropped. In a way your downtime should only be a second or so while the daemon restarts the uplink if something went wrong.

Note: My internet never cuts out on me so I have no clue how well persist works if you use it on a highly unstable uplink.

Getting PPTP

Now we need to grab pptp as we need it for the tunnel to the modem (ppp will go through pptp to log in).

emerge pptpclient

Testing the uplink

If everything went as it should we should now have a working uplink.

Simply fire up pppd with the right connection and run ifconfig to see if it worked:

pppd call adsl
Code: PPPD output in /var/log/syslog
Nov  3 03:22:41 gauntlet pppd[6882]: pppd 2.4.2 started by root, uid 0
Nov  3 03:22:41 gauntlet pppd[6882]: Using interface ppp0
Nov  3 03:22:41 gauntlet pppd[6882]: Connect: ppp0 <--> /dev/pts/1
Nov  3 03:22:41 gauntlet pptp[6883]: anon log[main:pptp.c:267]: The synchronous pptp option is activated
Nov  3 03:22:41 gauntlet pptp[6887]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 1 'Start-Control-Connection-Request'
Nov  3 03:22:41 gauntlet pptp[6887]: anon log[ctrlp_disp:pptp_ctrl.c:732]: Received Start Control Connection Reply
Nov  3 03:22:41 gauntlet pptp[6887]: anon log[ctrlp_disp:pptp_ctrl.c:766]: Client connection established.
Nov  3 03:22:42 gauntlet pptp[6887]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 7 'Outgoing-Call-Request'
Nov  3 03:22:42 gauntlet pptp[6887]: anon log[ctrlp_disp:pptp_ctrl.c:851]: Received Outgoing Call Reply.
Nov  3 03:22:42 gauntlet pptp[6887]: anon log[ctrlp_disp:pptp_ctrl.c:890]: Outgoing call established (call ID 0, peer's call ID 0).
Nov  3 03:22:48 gauntlet pppd[6882]: PAP authentication succeeded
Nov  3 03:22:48 gauntlet pppd[6882]: local  IP address
Nov  3 03:22:48 gauntlet pppd[6882]: remote IP address
Nov  3 03:22:48 gauntlet pppd[6882]: primary   DNS address
Nov  3 03:22:48 gauntlet pppd[6882]: secondary DNS address

Note: If you get something like:

Couldn't set tty to PPP discipline: Invalid argument

Make sure you have the synchronous tty module loaded or compiled into your kernel (I forgot this myself)

Looking at the last 4 lines you can see the connect succeeded. If you have copied my masquerading script you can now enter 'internet' on the console and manually configure your normal pc with an internal ip address and the dns addresses you can see in the output of pppd to go online!

Setting up internet for everybody

We now need to activate forwarding and masquerading.

I'll show the basic setup which simply activates it and also my own scripts which are a little more complex but also provide more options.

The basic masquerading setup

This is the basics from the Masquerading How-To which is also covered in the Dialup Connection How-To. Although functional, I have my own scripts which you can find in the next section.

Anyway, use the following commands (or put them in a script) to start the internet routing and close the ports on the outside world:

iptables -F; iptables -t nat -F; iptables -t mangle -F
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/conf/all/forwarding
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW -i ! eth0 -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -P INPUT DROP

I was talking about this part of the how-to: HOWTO setup a home-server#Configuring masquerading and basic firewall

The 'better' masquerading setup

This is my own, custom script. It handles the masquerading, checks if the interface for internet is up (otherwise inserting rules would be pointless) and shows how to forward a port to an internal machine.

Note that I designed this with the main goal of being able to (re)start the firewall using a remote ssh login. Therefor it first strips the policies of the network to make sure we don't get shut out when the firewall comes up (and probably never finishes to come up as the script is stopped when the connection got killed).

I smacked this one in /usr/sbin so I can simply enter 'internet' and the routing would start.

File: /usr/sbin/internet
 # Written by Berend Dekens
 # Masquerading for server and port forwarding to internal servers
 echo "Setting free policy on default chains"
 iptables -P INPUT ACCEPT
 iptables -P OUTPUT ACCEPT

 echo "Flushing iptables"
 iptables -F
 iptables -X

 EXT_IP=`ifconfig ppp0 | grep inet | awk '{ print $2 }' | awk -F ':' '{ print $2 }'`

 if [ ${#EXT_IP} -eq 0 ]
    echo "Error while detecting external ip adress. Please make sure you are connected"
    echo "Auto detection found your internet address: $EXT_IP"

 # Reset to accept all normal policy (this is a safeguard for failing one the next rules and losing ssh capabilities)
 iptables -P INPUT ACCEPT

 # Allow existing connections on all interfaces
 iptables -A INPUT -d $EXT_IP -m state --state ESTABLISHED,RELATED -j ACCEPT
 # Filter on ppp0 - Drop new connection requests from internet
 iptables -A INPUT -d $EXT_IP -m state --state NEW -i ppp0 -j DROP
 # Allow traffic from other interfaces than ppp0
 iptables -A INPUT -i ! ppp0 -j ACCEPT
 # All other traffic is illigal - drop it
 iptables -P INPUT DROP
 # We wont do forwarding by default for any port
 iptables -A FORWARD -i ppp0 -o ppp0 -j REJECT

 # Clear the NAT table
 iptables -F -t nat

 # Turn on NAT for ppp0
 iptables -A POSTROUTING -t nat -o ppp0 -j MASQUERADE

 # Forward port 25 (SMTP) to internal mailserver,
 # Uncomment the next 2 lines to enable port forwarding of port 25 to the internal mail server
 #iptables -A PREROUTING -t nat -p tcp -i ppp0 -d $EXT_IP --dport 25 -j DNAT --to
 #iptables -A FORWARD -p tcp -i ppp0 -d --dport 25 -j ACCEPT

 # Enable IP forwarding in general
 echo 1 > /proc/sys/net/ipv4/ip_forward

Adding a bit of luxury: DHCP server

Start by emerging the dhcp server:

emerge dhcp

Edit the configuration in /etc/conf.d/dhcpd.conf and make it look something like this:

File: /etc/conf.d/dhcpd.conf
# This is the only DCHP server on the network

# Set the dns servers
option domain-name-servers,;

# Set the lease time to one day
default-lease-time 86400;
max-lease-time 86400;

# How the DNS should be updated
ddns-update-style interim;

# Change the domain name to whatever you want your domain to be.
option domain-name "local.lan";

# Our internal lan will use the 192.168.0.x class
subnet netmask {
    # This will be us as we are the internet gateway
    option routers;

    # Tell the clients what range to broadcast
    option broadcast-address;

    # Determine the range to manage, we leave room for 48 static addresses which can be used for servers (you don't want them to switch address because of dhcp)

And start the dhcp:

/etc/init.d/dhcp start

Finishing it

If all is well you now have your Alcatel Speedtouch online together with your gentoo server which now supplies the whole network with internet access!

Now all we need to do is make it all a bit more persistent as a reboot will wipe all that magic...

Now I suppose I could use all those fancy scripts that are present but quite frankly I don't care - its 3 AM here by now and I simply want this working and finished and I suppose you do as well.

The most simple solution is to slam it all in the local bootup scripts:

File: /etc/conf.d/local.start
# Fire up the ADSL connection
pppd call adsl
# Start the masquerading

Now all we need is the DHCP server to come back alive after a reboot:

rc-update add dhcp default

There we go, the whole how-to to get your Alcatel Speedtouch back in action.

Retrieved from ""

Last modified: Fri, 29 Aug 2008 04:27:00 +0000 Hits: 15,347