SitePoint Sponsor

User Tag List

Page 1 of 2 12 LastLast
Results 1 to 25 of 38
  1. #1
    SitePoint Enthusiast
    Join Date
    Jul 2012
    Location
    England
    Posts
    30
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Question Suspected Router/Firewall Issue - Can't process online payments

    Hello,

    I hope this is the right place to put this problem.....

    I am having a problem that I suspect is due to my firewall and/or router blocking me from processing online credit card payments. We use a MOTO facility where we can manually input a client's credit card details for processing.

    I put all of the details in the field and hit process...it then acts like it's going to begin that process, then immediately stops. There is no error, no page re-direction...nothing. It only shows their spinning " I'm thinking " wheel for about 1/2 second, then nothing. The page is still there with all of the clients details and no transaction has been placed.

    At the request of the payment processor, I tried 3 different browsers (Chrome, IE and FF) but the problem still persists. I then tried from another computer on the same network...same problem. I had an employee try from a different office in a different city and the process worked perfect.

    This is why I think it is a problem with the network.

    Is there any direction you can think of that I can try? Their help desk is moving very slowly on this.

    Thanks for the help!

    Cheers,

    Dave

  2. #2
    SitePoint Evangelist
    Join Date
    May 2006
    Location
    Austin
    Posts
    401
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Does it ever error out, or just go back to the page?

    I would lean towards something with the payment processor blocking you rather than your router. If your router was blocking it, you would most likely get a timeout error page.
    Merchant Equipment Store - Merchant Services, POS, Equipment, and supplies.
    Merchant Account Blog | Ecommerce Blog

  3. #3
    SitePoint Enthusiast
    Join Date
    Jul 2012
    Location
    England
    Posts
    30
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by jestep View Post
    Does it ever error out, or just go back to the page?

    I would lean towards something with the payment processor blocking you rather than your router. If your router was blocking it, you would most likely get a timeout error page.
    Hey jestep,

    Im not getting any errors at all....it's like it stalls, then nothing.

    I have been in touch with the payment processor but it would appear as though they don't know anything. They don't see the transaction attempts at all.

    Any thoughts are appreciated.


    Cheers,

    Dave

  4. #4
    Life is not a malfunction gold trophysilver trophybronze trophy
    TechnoBear's Avatar
    Join Date
    Jun 2011
    Location
    Argyll, Scotland
    Posts
    5,307
    Mentioned
    213 Post(s)
    Tagged
    5 Thread(s)
    I've moved this to Server Config, as it sounds to be more of a network issue.
    Don't be arrogant. Be kind to a koala that thinks it's a bear.

  5. #5
    Foozle Reducer ServerStorm's Avatar
    Join Date
    Feb 2005
    Location
    Burlington, Canada
    Posts
    2,699
    Mentioned
    89 Post(s)
    Tagged
    2 Thread(s)
    Hi wisedave1,

    Do you know what ports the online payment servers requires to communicate with their service? I would assume they are using the default SSL port 443 but can you confirm?

    If you find the ports that are being used we can attempt to use TelNet to access these ports to see if the answer. If for some reason your firewall lost a configuration and a port was disabled or someone accidentally disabled the port(s) then that will stop it right there without necessarily getting errors as the web part of it will work but the secure communications data obviously is not making it to your payment processor, but this will not generate an error except in the firewall logs.

    Did you validate your account with your payment processor? Did they change any part of your account or adapt any of their payment systems recently? Just because they don't see any errors connecting they may not be looking to see if your TCP/UDP traffic came to them.

    Steve
    ictus==""

  6. #6
    SitePoint Enthusiast
    Join Date
    Jul 2012
    Location
    England
    Posts
    30
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hey Steve,

    I will pose the questions and get back to you......thanks for the help and idea! It's appreciated....

    -Dave

  7. #7
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,604
    Mentioned
    19 Post(s)
    Tagged
    2 Thread(s)
    WD1,

    Steve (SS) probably has hit on the correct problem.

    I would have started with a verification that the correct information has been supplied in your form, i.e., testing via an intermediate page to print the information to your monitor rather than sending on to the processor.

    Finally, processors normally have an error handling directive to return information about why a submission failed so check your configuration.

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  8. #8
    SitePoint Enthusiast
    Join Date
    Jul 2012
    Location
    England
    Posts
    30
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hello,

    I have heard back from eWay and this is what they state -


    "Our gateways operate of the standard SSL port 443 and since you are able to login to the Business Centre which is also on a secure site (port 443) we can eliminate any issues with your firewall blocking this port because if it were you would not be able to access any page with "https://"

    With regards to this reply on the forum "Did you validate your account with your payment processor? Did they change any part of your account or adapt any of their payment systems recently? Just because they don't see any errors connecting they may not be looking to see if your TCP/UDP traffic came to them." it would not be relevant to this issue as you are processing the payment via your eWAY Business Centre which is a web based control panel. In cases where you are communicating with eWAY via an API call from your website or application we would then need to look at incoming traffic, ports and IPS."



    I had an employee check to see if transaction can take place from their office location (in another city) and it worked fine. eWay is thinking it may be a firewall/router issue. I swapped routers (albeit the same kind), and it still doesn't work on my end. I normally have AVG running in the background but turned it off and tried....still the same problem.

    I don't know where to go from here....any additional thoughts or ideas about this or firewall/router setting would be appreciated!

    Cheers,

    Dave

  9. #9
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,604
    Mentioned
    19 Post(s)
    Tagged
    2 Thread(s)
    WD1,

    Good troubleshooting and reporting back here! It appears (from your check from another office) that it is your local system which is causing the problem and have to agree with you and Steve that the culprit is likely your new firewall.

    Firewalls are finicky things. I'll bet the new firewall isn't configured the same as your old firewall so I'll suggest that you look to the configuration (port 443).

    Regards

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  10. #10
    SitePoint Enthusiast
    Join Date
    Jul 2012
    Location
    England
    Posts
    30
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hello,

    Thanks for the input. Is the firewall you are referring to my router? #confused

    My initial thoughts on your response brought me back to the help that eWay is giving me.....being that I can log into their web based portal that is https, port 443 should not be an issue. I say that....but I don't know what that means LOL! I am only parroting what others are saying. It makes me looks smart when I say it but for those in 'the know', if they ask one question they would realise I am speaking a load of ********!

    Maybe I just don't have a grip on what eWay is advising me of....

    Further input is always appreciated!

    Cheers,

    Dave

  11. #11
    Foozle Reducer ServerStorm's Avatar
    Join Date
    Feb 2005
    Location
    Burlington, Canada
    Posts
    2,699
    Mentioned
    89 Post(s)
    Tagged
    2 Thread(s)
    So Dave you don't have a dedicated firewall or is your router both a router and firewall combo; if you don't know then what brand/model is the router?

    You are on the money with
    My initial thoughts on your response brought me back to the help that eWay is giving me.....being that I can log into their web based portal that is https, port 443 should not be an issue.
    so another thing to diagnosis is latency, ie. does the request time out before the service answers? There service may have an incompatibility with your router - this would only be the case if they've recently made changes which the didn't seem to answer in their response.

    Try this to help provide more diagnosis informtion:


    • To determine if an intermediate device is blocking you or latency is poor, open a command line and attempt to traceroute using the traceroute utility
      Code:
      tracert 
      host.address.com -d
      the -d tells it to not map to host names.
    • From the previous traceroute you'll get the IP of the host.address.com (denoting them as x in the telnet code) then telnet:
      Code:
      telnet x.x.x.x 443
      see if the telnet establishes an initial connection. if the service doesn't respond you get a message like "Could not open a connection to host on port 443 : Connect failed" otherwise it will connect and wait (with a flashing cursor) for input. You may need to go through each IP that was listed in the traceroute to find if one of the intermidiate routes is causing a problem.
    • You should also consider asking your other office what type of router they are using and try a similar model at your location.


    Regards,
    Steve
    ictus==""

  12. #12
    SitePoint Enthusiast
    Join Date
    Jul 2012
    Location
    England
    Posts
    30
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hey Steve,

    I can't seem to get this part right.....

    I opened a command line and typed tracert, but do I need the "[ ]"?

    When you reference host.address.com -d, would I use "https://uk.myeway.com/BusinessCentre.aspx"?

    Thanks for the help in getting over this first hurdle.

    -Dave

  13. #13
    SitePoint Enthusiast
    Join Date
    Jul 2012
    Location
    England
    Posts
    30
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    OK....I may be getting somewhere now as it seems to be whirring away. This is what I see.....does this tell us anything?

    tracert.jpg


    Where do I go from here?

    Cheers,

    Dave

  14. #14
    Foozle Reducer ServerStorm's Avatar
    Join Date
    Feb 2005
    Location
    Burlington, Canada
    Posts
    2,699
    Mentioned
    89 Post(s)
    Tagged
    2 Thread(s)
    Quote Originally Posted by wisedave1 View Post
    OK....I may be getting somewhere now as it seems to be whirring away. This is what I see.....does this tell us anything?

    tracert.jpg


    Where do I go from here?

    Cheers,

    Dave
    Hi Dave,

    The tracert looks pretty normal. The 'destination not reachable' are likely router that don't allow ICMP (PING) so they just won't answer, but the good news is that you arrived at your end host. The latency in the system is not too bad.

    The next thing is to try telnet (as I described in my last post. Let us know how the telnet goes. Remember to first try telneting to the end I.P then if you can't connect keep trying the next closest I.P. to see if you can telnet to that. This will determine if you SSL is working correctly (I suspect that it is, but this will provide better feedback about routing (http/https is more forgiving about latency than routing protocols so you generally can learn more by using tools like tracert, nslookup, ping and telnet.

    Regards,
    Steve
    ictus==""

  15. #15
    SitePoint Enthusiast
    Join Date
    Jul 2012
    Location
    England
    Posts
    30
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I can't seem to get the telnet to work properly....

    At first, I had to enable it on my computer (Windows 7). Now I can access it...happy days. The problem comes when I try to use a format that the prompt accepts.

    The prompt I see at the moment is "Microsoft Telnet> " I used the following format to check each IP from the tracert -

    o xxx.xxx.xxx.xxx [443]

    Each ip comes back with "CONNECTION FAILED"

    Did I use the proper syntax?

    Thanks!

    Dave

    Cheers,

    Dave

  16. #16
    SitePoint Enthusiast
    Join Date
    Jul 2012
    Location
    England
    Posts
    30
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    In the mean time....I have also ensured AVG is uninstalled, turned off my firewall on my computer as well as turned off a firewall at the router.

    This is pretty strange. My knowledge about this is minimal though.

    Thanks,

    Dave

  17. #17
    Foozle Reducer ServerStorm's Avatar
    Join Date
    Feb 2005
    Location
    Burlington, Canada
    Posts
    2,699
    Mentioned
    89 Post(s)
    Tagged
    2 Thread(s)
    Quote Originally Posted by wisedave1 View Post
    I can't seem to get the telnet to work properly....

    At first, I had to enable it on my computer (Windows 7). Now I can access it...happy days. The problem comes when I try to use a format that the prompt accepts.

    The prompt I see at the moment is "Microsoft Telnet> " I used the following format to check each IP from the tracert -

    o xxx.xxx.xxx.xxx [443]

    Each ip comes back with "CONNECTION FAILED"

    Did I use the proper syntax?

    Thanks!

    Dave

    Cheers,

    Dave
    Hi Dave,

    Good going on getting it enabled

    it would be
    Code:
    telnet 195.66.237.1 443
    ictus==""

  18. #18
    SitePoint Enthusiast
    Join Date
    Jul 2012
    Location
    England
    Posts
    30
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Still having a bit of an issue with the format......

    CLICK HERE - I have made a SCREENR video to show you what I see.

    Thanks for taking an interest.

    Cheers,

    Dave

  19. #19
    Foozle Reducer ServerStorm's Avatar
    Join Date
    Feb 2005
    Location
    Burlington, Canada
    Posts
    2,699
    Mentioned
    89 Post(s)
    Tagged
    2 Thread(s)
    Ok Dave,

    Legacy usage is not setup on your machine, which is ok, so issue the full command:

    1. Open command prompt then type:
      Code:
      telnet
    2. Once it connects to your telnet client then type
      Code:
      open 195.66.237.1 443
    3. You may need to open telnet as a super user but try 1 and 2 first.


    Regards,
    Steve
    ictus==""

  20. #20
    SitePoint Enthusiast
    Join Date
    Jul 2012
    Location
    England
    Posts
    30
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hey Steve,

    OK....I tried what you recommended. The first IP I tried got the connection failed message. When I use the IP 77.246.38.189, I get the following message -

    "Connecting To 77.246.38.189... and a flashing cursor.

    It has had the flashing cursor for a few minutes now. When I type anything, it doesn't do anything...I can type what I want

    What does this tell us if anything?

    Thanks,

    Dave

  21. #21
    Foozle Reducer ServerStorm's Avatar
    Join Date
    Feb 2005
    Location
    Burlington, Canada
    Posts
    2,699
    Mentioned
    89 Post(s)
    Tagged
    2 Thread(s)
    Hi Dave,

    This connecting message that never connects means that you can't connect to port 443 through all of the hops you see in the tracert; in other words you are not successful in you connection attempt.

    I would then start to do the same process for the closest I.P. on the tracert and see if you can connect. If you are unsuccessful then you may have a port forwarding problem in your or one of the downstream routers.

    Steve
    ictus==""

  22. #22
    SitePoint Enthusiast
    Join Date
    Jul 2012
    Location
    England
    Posts
    30
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hey Steve,

    Which IP were you referring to? The 195.66.237.1 443 which is the failed one....or the 77.246.38.189 which is the one that I didn't get the error for and is also the last 'hop' in the screen shot.

    Many thanks!

    Dave

  23. #23
    Foozle Reducer ServerStorm's Avatar
    Join Date
    Feb 2005
    Location
    Burlington, Canada
    Posts
    2,699
    Mentioned
    89 Post(s)
    Tagged
    2 Thread(s)
    Quote Originally Posted by wisedave1 View Post
    Hey Steve,

    Which IP were you referring to? The 195.66.237.1 443 which is the failed one....or the 77.246.38.189 which is the one that I didn't get the error for and is also the last 'hop' in the screen shot.

    Many thanks!

    Dave
    First try 192.168.1.254 this likely the internal address of your router.

    Then if that passes try 217.47.214.186.


    The process is to go through them one by one to see if the connection fails somewhere at the beginning or the middle as we know that it is failing at the end.
    ictus==""

  24. #24
    SitePoint Enthusiast
    Join Date
    Jul 2012
    Location
    England
    Posts
    30
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hello,

    It looks like the second one (IP 217.47.214.186) gave me this first "Could not open connection to the host , on port 443: Connect failed

    Do I need to test the rest of these? Where do we go from here?

    Cheers,

    Dave

  25. #25
    Foozle Reducer ServerStorm's Avatar
    Join Date
    Feb 2005
    Location
    Burlington, Canada
    Posts
    2,699
    Mentioned
    89 Post(s)
    Tagged
    2 Thread(s)
    I would recommend that you get your collegue to try the same tracert and then subsequent telnet to see if your hops are resolving the same way. You do not need to do any more of these tests this shows that your not making past there with your request.
    ictus==""


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •