The meaning of SYN


Cavalier90
01-12-2006, 09:23 AM
I was checking the log of my Belkin modem router as there have been a few instances of pages not being found and the dialup connection box being presented. Clearly I do not want to dial up if I am connected via the network. The error log indicates some outgoing messages as blocked and there being an issue with the NAT. The error goes on to give the initiating IP address of my PC on the network and the destination IP address, together with some description of the SYN packet not being present on ppp0. I can't remember the exact wording but this gives the gist.

What is the relationship between NAT, that I understand is the Network Address Translation that the router carries out before sending the data into the internet, and SYN? Does SYN originate in the initiating PC, and why would a SYN packet not be included in the message? What do I need to do to the PC to make it happen?

If you need actual messages, I will post them tonight when I get home.

juniper
01-12-2006, 12:07 PM
Well, a SYN packet is used to initiate the three-way handshaking process in TCP. Basically, when host A wants to send data to host B using TCP, it needs to set up a reliable session. It does this by sending a SYN packet (SYN = synchronization packet); in the packet is a sequence number (we'll call it X) and window size, as well as the source and destination port and a checksum. When host B receives the SYN request it sends back a SYN-ACK (synchronization acknowledgement), which contains its TCP window size and a sequence number X+1, a new session sequence number we'll call Y, as well as source and destination port and checksum. Host A will receive the SYN-ACK and compare window size and use the smallest one (this sets how big a packet can be). It then sends back a TCP-ACK saying it understood the setup information and is now ready to start sending data with a window size of this; it responds with a sequence Y+1. Now the TCP 3-way handshaking is complete and data can now be passed. Now where does NAT fit in? Basically nowhere, because NAT is a one-to-one translation and only changes the IP address. However, your Belkin is doing PAT (port address translation), which is a many-to-one translation; this is at the transport layer and changes the port number and the IP address.

Would need to see the error log to know what exactly your problem is. Sounds like a corrupted packet though, probably from a bad NIC or router.

Cavalier90
01-12-2006, 12:21 PM
I'll add more when I get home, but thanks for the explanation so far.

Cavalier90
01-12-2006, 02:55 PM
Messages are: in the Event type field "Blocked - NAT out failed" and in the details field "First packet in connection is not a SYN packet: TCP 192.168.2.2:1062->209.68.14.80:80 on ppp0". Other entries have as the detail "Packet not in tcp window: TCP 192.168.2.2:1065->204.11.109.63:80 on ppp0".

Any clues as to what is happening?

juniper
01-12-2006, 06:06 PM
Are you running a P2P application or multiple browsers when this happens? That looks like a NAT issue where the router does not support TCP Simultaneous-Open connections. Described here, and yes, I read very boring material... http://www.ietf.org/internet-drafts/draft-hoffman-behave-tcp-03.txt

I would say either a certain program you are running is causing this (maybe virus / root kit), as it looks like it is sending a TCP packet larger than the determined window size. My personal guess: update the firmware on the router, or possibly the router itself needs to be replaced. That is my best guess.

Cavalier90
01-12-2006, 06:43 PM
The router is brand new, bought about 2 weeks ago. I did notice some reference in the packaging to 2000 though. Perhaps it has been on the shelf a while. I checked the update routine within the router that says I have the latest firmware. It could be a multi-browser issue, as most occurrences were happening when my wife was looking at holiday destinations and a second window opened to show pictures of the villas etc. I'll read the document you pointed to and see what it has to say.
Thanks.

juniper
01-12-2006, 09:40 PM
Sorry, I was in a hurry on the last post, but as the article says, this may have to do with the router's firewall, as it uses stateful inspection, meaning it looks at the TCP sequences, the ACKs and SYNs. So it allows your TCP packets to go out and only allows TCP responses back in; this way you are secure, as the only thing allowed in the firewall is from something you requested. So when it denied the packet it was saying either the packet was corrupt and it couldn't read the SYN, or the router itself is getting the sessions confused and flaking out, causing them to drop and you having to re-establish them.
Dropping sessions is not an acceptable behavior. It really sounds like you got a lemon router right from the get-go, just my opinion.
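
The two log messages quoted in this thread can be reproduced with a toy stateful filter that tracks outbound TCP flows. This is an added example, not part of any post and not the Belkin firmware's logic; the idle timeout, the fixed window, the packet trace and all class and function names are assumptions, and the return direction is not modelled.

```python
from dataclasses import dataclass

SYN, ACK = 0x02, 0x10                 # TCP flag bits
@dataclass
class Pkt:                            # simplified outbound TCP segment (constructed)
    t: float                          # arrival time, seconds
    sport: int
    dst: str
    flags: int
    seq: int
    length: int = 0

class Tracker:
    """Toy stateful filter; timeout and window values are assumptions."""
    def __init__(self, idle_timeout=60.0, window=65535):
        self.idle_timeout, self.window = idle_timeout, window
        self.flows = {}               # (sport, dst) -> [next_seq, last_seen]

    def outbound(self, p, src="192.168.2.2", dport=80, iface="ppp0"):
        key = (p.sport, p.dst)
        flow = self.flows.get(key)
        if flow and p.t - flow[1] > self.idle_timeout:
            del self.flows[key]       # entry aged out: the flow is forgotten
            flow = None
        label = f"TCP {src}:{p.sport}->{p.dst}:{dport} on {iface}"
        if flow is None:              # no state: only a bare SYN may create it
            if p.flags & SYN and not p.flags & ACK:
                self.flows[key] = [(p.seq + 1) % 2**32, p.t]
                return "Allowed"
            return "First packet in connection is not a SYN packet: " + label
        d = (p.seq - flow[0] + 2**31) % 2**32 - 2**31   # signed distance, mod 2^32
        if d < -self.window or d + p.length > self.window:
            return "Packet not in tcp window: " + label
        if d + p.length > 0:          # new data advances the expected sequence
            flow[0] = (p.seq + p.length) % 2**32
        flow[1] = p.t
        return "Allowed"

def replay():
    fw = Tracker()
    trace = [                         # constructed packets, not a real capture
        Pkt(0.0, 1062, "209.68.14.80", SYN, 1000),
        Pkt(0.1, 1062, "209.68.14.80", ACK, 1001),
        Pkt(0.2, 1062, "209.68.14.80", ACK, 1001, 300),
        Pkt(0.3, 1065, "204.11.109.63", SYN, 5000),
        Pkt(0.4, 1065, "204.11.109.63", ACK, 205001, 100),  # far beyond window
        Pkt(200.0, 1062, "209.68.14.80", ACK, 1301),        # after idle timeout
    ]
    return [fw.outbound(p) for p in trace]
```

In this model the "not a SYN packet" verdict appears whenever the filter has no state for a flow that the PC still considers open, and a retransmitted segment inside the window is still allowed.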