
I'm trying to get to the bottom of a connection problem.

My payment processor uses port 4330 and has no firewall for incoming connections. My hosting company blocks this port by default but has allowed outgoing connections to the IP addresses of the payment processor for me on port 4330.

When I try to make a connection to the payment gateway it always connects, but it takes over three minutes. Somewhere there is a bottleneck, but I don't know where.

I can connect to the payment gateway from my local server with no problem at all so the problem is between the live server and the gateway.

Any thoughts?

  • Why not run a tracert – Chopper3 Apr 30 '12 at 13:59
  • A traceroute is showing timeouts for one IP. Weirdly, a telnet through port 4430 is able to connect to that IP address but not the other one they supply...? I really don't know anything about this stuff. – charliefarley321 Apr 30 '12 at 14:12
  • Get someone in who does, otherwise this could become a VERY long Q&A chain :) – Chopper3 Apr 30 '12 at 14:13
  • Useful comment. Unfortunately neither my hosting company nor the payment gateway can shed any light on this or suggest anything else to try. That is why I am asking here. – charliefarley321 Apr 30 '12 at 14:27

1 Answer


You mention in the comments that the payment processor has multiple IP addresses. Where are those coming from? If they were provided by the processor, check that they are all still valid. If they are coming via DNS, check that your DNS is correctly configured and all DNS servers are up-to-date.

What I suspect is that your payment system is going through a list of potential addresses, the first few of which are either not valid or are blocked. So the 3-minute delay is how long it takes to find a good address. The fact that it works in one location and not another could either be a difference in DNS or a difference in firewall blocking. The simplest way to test this would be if you could hard-configure the client side to only use the one address which responds quickly. That's not a long-term solution, but if it works then the problem will be narrowed.

Seth Noble
  • They are fixed IP addresses provided by the payment processor - the same for everyone using their service. Is there a way I can test if a port is open for outgoing traffic? My hosts claim to have opened 4430 for outgoing. I've looked at http://www.yougetsignal.com/tools/open-ports/ but not sure if it is only checking for incoming as it says the port is closed. – charliefarley321 Apr 30 '12 at 15:26
  • Actually the script accesses the payment processor via a domain name; the IP addresses were provided for my hosting company to allow access for outgoing traffic through their firewall. DNS issue? – charliefarley321 Apr 30 '12 at 15:32
  • If possible, try hard-coding the known-good IP address in the script and see if that helps. If that fixes the problem, then it's a DNS issue. Most likely either a bad name server in `/etc/resolv.conf` or improper caching somewhere. – Seth Noble Apr 30 '12 at 15:41
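
One way to run the test suggested in this answer from the live server, as an added example that is not part of the original thread: resolve the gateway's name, then time an outbound TCP connect to each returned address separately, so a blocked or dead address shows up as a timeout instead of being hidden behind a slow but eventually successful connection. The hostname `gateway.example` is a placeholder, and the function names are made up for this sketch.

```python
import socket
import time

def resolve(host, port):
    """Return the distinct (family, address) pairs the resolver gives, in order."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    seen = []
    for family, _type, _proto, _canon, sockaddr in infos:
        if (family, sockaddr[0]) not in seen:
            seen.append((family, sockaddr[0]))
    return seen

def probe(family, addr, port, timeout=5.0):
    """Time one outbound TCP connect. Returns (status, seconds)."""
    start = time.monotonic()
    s = socket.socket(family, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((addr, port))
        status = "open"
    except socket.timeout:
        status = "timeout"   # packets silently dropped: typical of a firewall block
    except ConnectionRefusedError:
        status = "refused"   # host reachable, but nothing accepts on this port
    except OSError as exc:
        status = "error: %s" % exc
    finally:
        s.close()
    return status, time.monotonic() - start

def check_all(host, port, timeout=5.0):
    """Probe every resolved address instead of stopping at the first success."""
    results = []
    for family, addr in resolve(host, port):
        status, secs = probe(family, addr, port, timeout)
        results.append((addr, status, round(secs, 2)))
    return results

if __name__ == "__main__":
    # Placeholder hostname; 4430 is the port quoted in the comments above.
    # Substitute the name and port your processor actually specifies.
    for addr, status, secs in check_all("gateway.example", 4430):
        print(f"{addr:40} {status:10} {secs:6.2f}s")
```

A `timeout` on some addresses and `open` on others points at the outbound firewall rules or a stale address; if every address is `open` and fast, the delay is more likely in name resolution.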