Tag Archives: Sagem

BBox2 Sagem Blocked – NAT out failed First packet in connection is not a SYN packet (part 2)

Published by:

I have been experimenting again with the ” First packet in connection is not a SYN packet: TCP 192.168.1.51:1036->157.55.133.202:80 on ppp0 ” error in my SAGEM F@ST router.

What I found was that the Sagem firewall and/or NAT throws this messages whenever tcp packets are fragmented and this has to do with the MTU (maximum transmission unit)

In short this means:
IP packets have a maximum load of 1500 bytes without fragmentation. If the load is bigger, the package will be split in multiple fragments that are transmitted separately. (fragmentation). When a PC (browser) communicates with a server, they agree on a maximum packet size (mtu) and that will be used for the remainder of the communication. Both your computer and server use the internal MTU and they don’t care about the MTU of devices and routes in between. Windows usually has a MTU of 1500, meaning it will squeeze every last bit in one packet. This is fine on a local LAN, without routers. But when the packet needs to be transmitted over PPPoE (ADSL), there is some additional 8 bytes of header-information that needs to be added, thus making the packet 1508 bytes, which is to big and will be fragmented. (learn more about this here)

Normally fragmentation is handled fine by routers in between, but the Sagem seems to mess things up.

What we need to do is lowering the MTU on the computer. This may avoid fragmentation and maybe with it this problem. To do that I used TCP/IP Optimizer 3 found here.

This program needs to run as Administrator. Put it on “Custom” (bottom right) and select you Network Adapter. Then set MTU to something like 1492 (or if you want to be absolutely safe 1460) and press Apply changes. Reboot.

If found that using a setting less then 1492 would reduce the “NAT out failed First packet” errors somewhat, but not completely. I still believe there is no real fix, unless there is a firmware upgrade (doubtful).

Please let me know in the comments what results you had.

Sagem error Only one WAN connection can be enslaved by each bridge : Resolved

Published by:

sgmSymptoms: You want to change IP settings, change IP address ( local Ip address, default 192.168.1.1 ) but Sagem router returns a message: “Only one WAN connection can be enslaved by each bridge

Reason: Other VLAN interfaces are enabled and should be disabled when changing the LAN settings.

Solution: You do not need VLAN , so disable the VLAN circuits

– Go to advanced settings
– Choose Network Interfaces
– Click on LAN Bridge
– Click on settings (button)
– Disable the Wan ethoa0 … 12 ( disable everything exept LAN Ethernet en LAN Wireless – first and last ).

sgm

– Now you can change your LAN IP settings.
– Eventually return the state of the disabled interfaces ( only if required )

The Sagem 3464 is a (wireless) VDSL2 broadband internet router. It’s used by Belgacom, EDPNET, and maybe other providers using VDSL2 in Belgium.

Connect to the Sagem via a crossed UTP/STP cable into the Yellow port on the back of the unit (next to the power switch). The default IP is 192.168.1.1 Alternatively connect both router and PC to a hub or switch. ( Mind the unit’s DHCP server is active by default. )

Bad Behavior has blocked 1746 access attempts in the last 7 days.