SpeedTouch 510

Welcome to the Website of

Ferry van Eeuwen

SpeedTouch 510

This is my Alcatel SpeedTouch 510 Ethernet modem which I recently purchased to replace the old Alcatel analog USB modem. The reason was that I wanted a router and hardware firewall to protect the four computer - one is the wife's - from outside attacks and to give all computers full access to the internet at the same time. I used the analog USB modem in combination with an little Ethernet hub. The computers could access the internet via a proxy server installed on the main computer. A disadvantage of this setup was that this computer always had to be up in order to service one or more of the other computers.

Configuration with the Alcatel ADSL Ethernet modem (SpeedTouch 510). Each computer also uses ZoneAlarm as a firewall.

All very nice and well it seemed until I found out that my Apache web server on my main computer and also my web cam server could not be 'seen' any more from the internet. At first I suspected that the Sweex 4 port broadband router with printer server was the culprit or rather poor programming capabilities. After disconnecting the router I found that the SpeedTouch 510 was blocking all access to the servers, because of the built in NAT, DHCP and firewall. So what now? Searching the internet did not bring any solutions, except for Linux OS, only sites where others appeared to be stuck with the same problem....

Next I downloaded and printed a hefty programming manual for the 510 and then started to modify the user.ini file which contains all instructions for the modem's setup. After some experimenting I came to an in ini-file which comes close; it disables the NAT, DHCP and hardware firewall. However, when the modem is accessed from the internet the Speedtouch setup screen is popping up. This seems to have taken over control of the HTTP port 80 preventing any access to the Apache server, but also blocking port 8080 used by the web cam server in some way. Anybody interested in the modified ini-file can download and have a look at it: sip_spooff.ini

Another method, which I think will work better, is called DHCP Spoofing. With spoofing the NAT is not used anymore and the result is that the SpeedTouch 510 modem will become transparent. Normally the end-machine/router does the dialling and will get the real IP address from the ISP. With DHCP Spoofing the modem does the dialling and receives the IP address from the ISP and then relays it to the end machine/router. Neat trick! You can have a look at the spoofing file which is on the CD-rom from the local ADSL provider KPN Telecom - not the ISP which in my case is XS4ALL - delivered with the SpeedTouch 510 modem: KPN TELECOM_SPOOF.ini The only problem is that after uploading this file the modem becomes transparent in only 1 out of 10 uploads! I have not found out what the problem is. KPN Telecom does not support this mode and has only the usual stupid FAQ on their web site. Well, as was the case with the privatisation of the National Railways (trains never on time since then), gas- and electricity supply companies, their service levels have gone down, deep down and their consumer' prices have rocketed. From the news papers I understand that in line with the latter the top management salaries have gone up sky high (tenfold).

A third method. which only works well until now without the broadband router, makes use of this file: Spoof.ini Apart from uploading this following you will have to do the following:

	Upload the Spoof.ini file into the SpeedTouch 510 Ethernet modem.
	Manually insert your IP number in the TCP/IP LAN properties. To be able to do so you have to click the manual mode, not the automatic allocation one. Use as subnet mask 255.255.255.0 Do not (yet) fill in the Standard Gateway. Fill in the DNS server addresses according to your local situation. Close the Properties screen and close the other screens.
	Now bring up the Command Prompt and type: route -p add 10.0.0.138 mask 255.255.255.255 a.b.c.d. The latter is your external IP address as allocated to you by your ISP. The instruction -p makes the new route permanent and will be used again after the next start-ups. You can always remove the new route by typing: route delete
	The only thing left to do is to fill in the 10.0.0.138 as the Standard Gateway and everything should work now. If not try to switch off and then on again the LAN-connection.

Latest news! (07-29-05)

The final solution for the transparency problem!

At last the combination of SpeedTouch 510 ethernet modem and Sweex Broadband Router have become transparent voor my Apache webserver, webcam and live streaming video application. No spoofs have been used either! As always the solution is very simple, once you know what to do! Recently I had a look at the Status Info of the router and I noticed that the WAN IP was 10.0.0.151 as shown in the following picture.

The Status Info will take you to this kind of screen. I hope it is also available in your type or router, but lots of these boxes are rather similar, including the software.

As an experiment I decided to enter this value in the SpeedTouch 510's NAT setup together with the different port numbers as shown beneath.

Note that I have blocked out the last three digits of two of the ports. Safety first! You can create your own combinations by means of the New button. Fill in 10.0.0.151 as the Inside Address and the Inside and Outside Ports (same number). However, first you will have to delete the present entries. Before you do this it may be a good idea to make a note of those entries so that you always can go back to the old situation, if required.

Next you will have to set open the same ports in the Broadband Router. Furthermore you have to make your firewall transparent for the same ports. But you probably already did that before. Now you have to check whether all this really made your webservers, webcams or other applications reachable from the outside. I cannot check this by putting in the browser http://myip:portnumber but I can check this from another computer and modem. If that is difficult there is a perfectly good possibility to have your computer checked for open ports by Shields Up which works very nice and has a lot of additional possibilities. Within this web site there is a page in which you can enter your port number and after pressing the 'Jump' button the web site will tell you whether that port is open or closed. Important: Your server or application must be up and running. If not the port is seen as 'Closed'.

Let's assume that the port or ports show up as 'closed' anyway. You will then have to remove the router and test the computer with the SpeedTouch 510 in the same manner. If the applications are not reachable from the outside world you still have a problem in the SpeedTouch settings and I am sorry that I cannot help you further. The only thing you can still try is to shut off the firewall and see what happens. If that helps the problem is in the firewall's port settings.

However, if everything is okay than there still is a blocking issue in the router which should be removed first. Check the NAT settings again. My Sweex router has under the NAT screen a Virtual Server button and after pressing this button I can enter the computer's IP, in my case 192.168.2.117. and the required port numbers. You probably can do something similar in your router's program.

In conclusion there is also the Sygate site with which you can also check your ports if you like and also a lot of other things can be checked while you are at it.