Friday, 20 September 2013

Groping in the dark, part 2

First, the firewall. I started off with "Firewall configuration for the Transaction Platform Traffic", a slender 1-page document that tells me which ports and which IP addresses I have to allow.

And that gave me the first set of problems. The server that handles this stuff (called, imaginatively, DATA1) is behind a firewall, a "Sonicwall". And the Sonicwall firmware for the device I use only allows 20 firewall rules, which is really puny. I guess they want me to buy their heavyweight model.

But from the documentation, it looked like I had to allow inbound traffic from four IP addresses to two ports, and outbound traffic from two ports to four ranges of IP addresses, and the poor little Sonicwall wasn't going to be able to handle so many rules.

So I swapped the Sonicwall for a Cisco Pix, which doesn't have a silly limitation like that.

And then I couldn't contact DATA1. Eventually, I realised that, as I'd changed the firewall, it had a different IP address, so I had to change the gateway address for DATA1. Then I found that I could contact DATA1 but only from some computers, and it was a while before I realised that I had to flush the ARP cache, and now I could log in to DATA1.

And then I couldn't get DATA1 to contact the outside world. It could do that when it was behind the Sonicwall, and other servers connected to the same firewall could contact the outside world, but this one could not. And I never did work out why. I spent a good few hours fighting this, before finally deciding to put DATA1 behind a different Pix (and change the Gateway, and the Hosts file, and flush the ARP) and then it worked. I could contact the outside world. Hurrah.

So then I told the Pix to allow access from the four IP addresses and two ports to DATA1, and to allow stuff outbound, and at last, AT LAST, I was ready to tackle the real job.

Now I needed to write the code to format the data for a billing and send it to the BMS server via the right protocols.

1 comment:

  1. So, I guess that will keep you busy this afternoon then Dr. Unlike me, as I am spending all day commenting on your blogs, I really must get a job, where I'm expected to work!!