I have been experimenting again with the ” First packet in connection is not a SYN packet: TCP 192.168.1.51:1036->126.96.36.199:80 on ppp0 ” error in my SAGEM F@ST router.
What I found was that the Sagem firewall and/or NAT throws this messages whenever tcp packets are fragmented and this has to do with the MTU (maximum transmission unit)
In short this means:
IP packets have a maximum load of 1500 bytes without fragmentation. If the load is bigger, the package will be split in multiple fragments that are transmitted separately. (fragmentation). When a PC (browser) communicates with a server, they agree on a maximum packet size (mtu) and that will be used for the remainder of the communication. Both your computer and server use the internal MTU and they don’t care about the MTU of devices and routes in between. Windows usually has a MTU of 1500, meaning it will squeeze every last bit in one packet. This is fine on a local LAN, without routers. But when the packet needs to be transmitted over PPPoE (ADSL), there is some additional 8 bytes of header-information that needs to be added, thus making the packet 1508 bytes, which is to big and will be fragmented. (learn more about this here)
Normally fragmentation is handled fine by routers in between, but the Sagem seems to mess things up.
What we need to do is lowering the MTU on the computer. This may avoid fragmentation and maybe with it this problem. To do that I used TCP/IP Optimizer 3 found here.
This program needs to run as Administrator. Put it on “Custom” (bottom right) and select you Network Adapter. Then set MTU to something like 1492 (or if you want to be absolutely safe 1460) and press Apply changes. Reboot.
If found that using a setting less then 1492 would reduce the “NAT out failed First packet” errors somewhat, but not completely. I still believe there is no real fix, unless there is a firmware upgrade (doubtful).
Please let me know in the comments what results you had.