Many people are enjoying the advantages that high-speed connections to the Internet offer. The most popular low-cost connections that can be obtained today for end users connecting to the Internet are cable and DSL. In this Daily Drill Down, we’re going to look at setting up your Linux computer to connect to the Internet using DSL.
DSL stands for Digital Subscriber Line. There are different types of DSL services. ADSL, or Asymmetric Digital Subscriber Line, is probably the most widely used DSL service. Basically, it communicates over the high frequency on your standard telephone line. This high frequency is not used by traditional analog phone equipment, such as telephones, fax machines, and modems, which use frequencies below 4 kHz. This means that you can use DSL on the same phone line as your standard telephone without interrupting your telephone service. What you get is high-speed Internet access 24 hours a day, seven days a week, without busy signals for your phone.
Installation of your DSL service is typically done by your ISP or telephone company and is beyond the scope of this Daily Drill Down. However, the installer will supply you with a DSL modem, which is actually a simple Ethernet hub with a single incoming Ethernet connection and an outgoing telephone connection, that you plug in to a standard telephone jack. There are other DSL modems that are also standard hubs and provide more than one incoming Ethernet connection so that they can handle multiple computers simultaneously.
I use ADSL on a network of six computers. One runs Windows 98, and all the others run Linux Mandrake. They are networked together using a standard eight-port, 10-Mb hub with the hub’s uplink port plugged in to the ADSL modem. This arrangement allows each of my computers unrestricted access to the Internet, and each runs with its own firewall enabled. You could, of course, have the ADSL modem connected to a dedicated firewall/router computer containing two Ethernet cards, where the first would be connected to the Internet and the second connected to another computer or hub for your internal network.
Another option is DSL modems that are internal cards that you plug in to a PCI slot in your computer. I don’t recommend this type of DSL connection to anyone running Linux. Using an external DSL modem is much easier than using a proprietary internal card that Linux may or may not support. Using an external DSL modem connected to your computer via an Ethernet card makes more sense. At least this way you can ensure that Linux supports the Ethernet card you choose to use.
Configuring Linux to use DSL
The first thing you need to do when setting up Linux to use any high-speed Internet connection, whether it be cable or DSL, is to set up your networking and Ethernet devices. Make sure your Ethernet card is working and, more importantly, that it is supported under Linux. If neither is the case, correct the problem by replacing the card, and then proceed. One excellent source of information on setting up your Ethernet card is the Ethernet HOWTO.
Once your Ethernet card is installed, you’ll need to configure it. There are a few pieces of information you should know before going any further. First, you need to know whether your IP address is static or dynamic. If it's dynamic, most likely you’ll be using DHCP, so you won't need to worry about any other settings. If it's a static IP address, you'll need to know your IP address as well as the gateway IP address that you’ll need to connect to in order to access the Internet. In my case, the gateway IP address is the IP address assigned to the ADSL modem.
DHCP is pretty straightforward to use. Download or install a DHCP client program from your favorite Linux application repository (freshmeat, for example). Typically, most distributions will come with at least two clients: pump and dhcpcd. In my experience, dhcpcd is the better client of the two, but which client you use is really dependent upon the DHCP server your ISP is using.
Install dhcpcd first, if you have it. Then go into Linuxconf (on a Red Hat or Linux Mandrake system) and view the Networking | Basic Host Information settings. For the Ethernet card connected to the DSL modem (let's assume that eth0 is your external Ethernet interface and eth1 is for your internal LAN), change the Config mode to DHCP. The only other things you need to define for eth0 are the net device (eth0) and the kernel module, which is the device driver used for the Ethernet card. You may also need to define the I/O port and IRQ.
Next, go into Networking | Routing And Gateways | Set Defaults. The gateway address will be provided by the DHCP server, so don't worry about that field. There is also a check box to enable routing. If the machine you’re configuring is to act as the gateway to the Internet for your internal LAN, then enable routing. If the machine will be a stand-alone computer (either you have no LAN or your DSL modem is connected to the uplink port on your hub), then leave routing disabled.
Exit Linuxconf and save the changes. You should be able to simply restart the network to apply the changes, which Linuxconf itself should prompt you to do. To see if you configured the card successfully, at the command line run
ifconfig
and view the settings for eth0. You should have an IP address, broadcast address, and subnet mask. Try pinging any Web site or Internet site using the site's name, not the IP address. This will ensure that DNS is working on your system. If all this works, you're in business.
If you get an error when starting the network after making the changes, dhcpcd may not be the proper client for you to obtain DHCP information from your ISP's DHCP server. If such is the case, give pump a try. Simply uninstall dhcpcd and then install pump from your distribution CD or download it from your distribution's FTP site. To do this, run
rpm -e dhcpcd
rpm -ivh pump*
Now try restarting the network again and see if that works. You should be able to obtain your IP address and other network settings via DHCP using either dhcpcd or pump, depending on your ISP. There shouldn't be any extra configuration options required for the DHCP clients themselves, as both work quite well out of the box with the majority of DHCP servers. If you need more information on setting up DHCP, you can view the DHCP mini-HOWTO.
Using a static IP address
Now let's look at setting up a static IP address for your DSL connection, which is a little more challenging than using DHCP. As with using DHCP, you must configure your Ethernet interface first. Again we'll assume that eth0 is connected to the Internet and eth1 is for your internal LAN.
Start up Linuxconf and view the Networking | Basic Host Information settings. You’ll need a little more information this time. You’ll need to know your static IP address and the subnet mask, both of which will be provided by your ISP. Make sure that the Config mode is set to Manual.
Next, go into Networking | Name Server Specification (DNS). Here you want to enable DNS usage and type in the DNS server(s) that your ISP gave you. You can also add a search domain, which would be the domain name of your ISP. For example, if your ISP is myisp.com, you’d enter myisp.com in the Search Domain 1 (opt) field.
Now select Networking | Routing And Gateways | Set Defaults. Here you want to enter the gateway IP address that your ISP provided. There’s also a check box to enable routing. If the machine you’re configuring will act as the gateway to the Internet for your internal LAN, then enable routing. If the machine will be a stand-alone computer (either you have no LAN or your DSL modem is connected to the uplink port on your hub), then leave routing disabled.
Finally, exit Linuxconf, and it will prompt you to restart the network. After you restart the network, at the command line enter
ifconfig
You should now see that eth0 is up and running with the information you entered into Linuxconf. Make sure that you can ping an external Web site using the domain name and not the IP address to ensure that DNS is working. If all goes well, you’ve correctly configured your Linux system to use DSL!
Turning Linux into a router/gateway for your internal LAN
If you have a single computer connected to the Internet or you have your DSL modem connected to the uplink port of your LAN's hub, you can ignore this section. If, however, you want (or need) to force traffic to the Internet through your Linux box, here are a few tips you might enjoy.
Now that you have eth0 configured (the Ethernet interface connected to the Internet), you must configure eth1 for your internal LAN (if you haven't already). Let's assume for a moment that your internal LAN is using 192.168.1.0 for its network. Go back into Linuxconf and define eth1 to use the address 192.168.1.1 with a subnet mask of 255.255.255.0. Exit Linuxconf, restart the network, and run ifconfig to make sure that both eth0 and eth1 appear with the appropriate settings.
Now go to another computer on your internal LAN. If it’s a Linux computer, you already know how to set it up to use a gateway. Open Linuxconf on this computer and define eth0 to have a static IP address of 192.168.1.2 with a subnet mask of 255.255.255.0. You can give it the IP addresses of your ISP's DNS servers, or you can give it the address of the gateway machine (192.168.1.1) if that machine will be running a caching name server (which is useful in a DHCP environment). If you use DHCP but don't want to set up a caching name server, check your /etc/resolv.conf file for the name server IP addresses. It should contain the IP addresses you need to enter because the DHCP client retrieves this information from your ISP's DHCP server.
Finally, define the gateway address for this internal machine and point it to your gateway machine (192.168.1.1). Exit Linuxconf and restart the network. You should now be able to ping 192.168.1.1. If you cannot ping 192.168.1.1, go back into Linuxconf and double-check your settings as well as your hardware connections and keep trying until you can ping it.
For a Windows 98 computer, choose Control Panel | Network | TCP/IP and define your IP address (192.168.1.2 or whatever you choose) and the subnet mask of 255.255.255.0. Then change to the Gateway tab and enter your gateway address (192.168.1.1). Finally, go to your DNS Configuration tab, enable DNS, and enter the IP address(es) for the DNS server(s) for your ISP or 192.168.1.1 if you’re going to run a caching name server on your Linux router/gateway machine. Then exit and save your changes. You'll have to reboot your Windows 98 computer in order to make the changes take effect. Once you've rebooted, open up a DOS box, ping 192.168.1.1, and make sure that it responds.
If everything works as expected, your internal LAN is almost ready to use the Internet through your Linux router/gateway computer. The only step left is to go back to your Linux router/gateway computer and enable IP masquerading.
Setting up IP masquerading
The final step is to use ipchains to masquerade packets. This step will take all TCP or UDP packets from 192.168.1.2 that arrive on the gateway and change them so they look like they’re coming from the gateway's external IP address (the one assigned to eth0 in our example). When packets come into the system, ipchains checks to see to whom they are really addressed, then rewrites the packet headers, and forwards them to the internal computer so that the exchange is transparent to both the internal computer and the Internet.
Setting up ipchains to build an appropriate firewall is beyond the scope of this Daily Drill Down, but you can build a firewall around the script below (and I highly recommend that you do). The following script is just a bare-bones firewall script to allow IP masquerading from your internal LAN. The best place to include this script is in your /etc/rc.d/rc.local file so that it’s called every time you boot the computer. Remember, this goes on your Linux router/gateway only, not on any client computers.
/sbin/ipchains -F
/sbin/ipchains -Z
/sbin/ipchains -A forward -j MASQ -s 192.168.1.0/24 -d 0.0.0.0/0
echo 1 > /proc/sys/net/ipv4/ip_forward
Basically, this script first flushes all the ipchains rules and then zeroes them (resets all counters). The third line is the actual masquerading rule. This line tells ipchains to append a rule to the forward chain (which does all of the IP packet forwarding) of type MASQ, which means to masquerade. Then we give it a source address of 192.168.1.0/24, which could also be written as 192.168.1.0/255.255.255.0. This address indicates which network to allow (192.168.1.0) and the subnet mask (255.255.255.0). Finally, we define the destination address of anywhere (0.0.0.0/0), which means that all packets from the internal network should be allowed everywhere and should be masqueraded. The last line simply tells the kernel to allow IP forwarding.
If you want to allow only certain machines access to the Internet, you can change the third line above from
/sbin/ipchains -A forward -j MASQ -s 192.168.1.0/24 -d 0.0.0.0/0
to
/sbin/ipchains -A forward -j MASQ -s 192.168.1.2 -d 0.0.0.0/0
and specifically allow certain machines. This will allow you to control which computers on your internal LAN are permitted access to the Internet. There are other powerful rules for which you can use ipchains: to permit certain machines access to certain sites, to disallow others from certain sites, and so forth. However, those commands are beyond the scope of this Daily Drill Down. Ideally, you should read the IPCHAINS-HOWTO or Jack Wallen, Jr.’s Drill Down ipchains: A painless way to ensure networking security.
Once you've executed the above commands, either by running
/etc/rc.d/rc.local
if you included them in your /etc/rc.d/rc.local script or by executing them by hand, go back to a client computer and try to ping a remote Web site using the domain name so you can be sure that DNS works correctly. If you have any problems, review the instructions again and make sure that you followed them exactly. When everything works, congratulations! You've successfully set up a Linux router/gateway for your network!
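A stricter starting point for the masquerading script and its per-host variant described above, as an added example that is not the article's own script. It assumes eth0 is the Internet-facing interface; the helper names masq_rules and is_ipv4, the default-deny forward policy, and the anti-spoofing rule are additions for illustration.

```shell
#!/bin/sh
# Added example: prints a rule set for review; nothing is applied to the kernel.
# Assumption (not from the article): eth0 faces the Internet, as in the text.
IPCHAINS=/sbin/ipchains

# is_ipv4 ADDR: succeeds only for a dotted quad with each octet in 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# masq_rules EXT_IF INT_NET [HOST...]
# With no HOST arguments the whole internal network is masqueraded.
masq_rules() {
    [ "$#" -ge 2 ] || { echo "usage: masq_rules EXT_IF INT_NET [HOST...]" >&2; return 2; }
    ext_if=$1; int_net=$2
    shift 2
    for host in "$@"; do
        is_ipv4 "$host" || { echo "bad host address: $host" >&2; return 1; }
    done
    echo "$IPCHAINS -F"
    echo "$IPCHAINS -Z"
    # Default-deny: only traffic matched by a MASQ rule below is forwarded.
    echo "$IPCHAINS -P forward DENY"
    # Drop and log packets arriving from outside that claim an internal source.
    echo "$IPCHAINS -A input -i $ext_if -s $int_net -j DENY -l"
    # In the forward chain, -i names the interface the packet leaves through.
    [ "$#" -gt 0 ] || set -- "$int_net"
    for src in "$@"; do
        echo "$IPCHAINS -A forward -i $ext_if -s $src -d 0.0.0.0/0 -j MASQ"
    done
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
}

# Constructed sample: only 192.168.1.2 and 192.168.1.3 may reach the Internet.
masq_rules eth0 192.168.1.0/24 192.168.1.2 192.168.1.3
```

Review the printed commands before pasting them into /etc/rc.d/rc.local on the gateway. A mistyped host address is rejected before any rule is printed.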
Using Linux as an inexpensive firewall, router, and gateway is becoming increasingly popular among individuals and companies, mostly because the price is right and the effort is minimal. Although we didn’t discuss security in this Daily Drill Down, you’ll want to read up on ipchains to make the most of its security features because it’s more than just a facilitator for routing packets between the Internet and a local LAN. It’s an extremely versatile and powerful firewall, and you’ll want to take advantage of that to secure your internal network from the external Internet.
Vincent Danen, a native Canadian in Edmonton, Alberta, has been computing since the age of 10, and he’s been using Linux for nearly two years. Prior to that, he used OS/2 exclusively for approximately four years. Vincent is a firm believer in the philosophy behind the Linux “revolution,” and he attempts to contribute to the Linux cause in as many ways as possible—from his FreezerBurn Web site to building and submitting custom RPMs for the Linux Mandrake project. Vincent also has obtained his Linux Administrator certification from Brainbench. He hopes to tackle the RHCE once it can be taken in Canada.
The authors and editors have taken care in preparation of the content contained herein, but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for any damages. Always have a verified backup before making any changes.
Vincent Danen works on the Red Hat Security Response Team and lives in Canada. He has been writing about and developing on Linux for over 10 years and is a veteran Mac user.