As a general troubleshooting aid, enable DoorStop X's logging for allowed and denied accesses. Log file entries may give useful troubleshooting clues.

I installed and activated DoorStop X, and now no one can access any services on the machine.

• By default, all services are initially protected from any access. Using methods described in Protecting a Service, you must specify access to a service before it will be accessible. (12, Configuring a Personal Firewall)

I installed and activated DoorStop X, and now no one can access a particular service on the machine.

• If the service has an entry in the services list of the Setup window, confirm that the entry allows access to the service from one or more clients. (12, Configuring a Personal Firewall)
• If the service does not have an entry in the services list of the Setup window, either create an entry for the service or make sure the "All others" service entry allows access to the service from the desired clients. (12, Configuring a Personal Firewall)
• Check to make sure that the service itself is configured to allow access. For example, if no one can access File Sharing, make sure that File Sharing itself is enabled.

I installed and activated DoorStop X, and now a particular user cannot access a particular service on the machine.

• If the service has an entry in the services list of the Setup window, make sure that it allows access from the particular user's IP address. (12, Configuring a Personal Firewall)
• If the service does not have an entry in the services list of the Setup window, either create an entry for the service or make sure the "All others" service entry allows access from the user's IP address. (12, Configuring a Personal Firewall)
• Check to make sure that the service itself is configured to allow access by the user. For example, if no one can access File Sharing, make sure that File Sharing itself is enabled.

I installed and activated DoorStop X, but all accesses to the machine are being allowed.

• Be sure DoorStop is enabled, as indicated in DoorStop's Setup window. (12, Configuring a Personal Firewall)
• Be sure the accesses are being made over TCP, not another protocol. (6, Protocols)
• There may be a third-party firewall running, or you may need to uninstall such a firewall. Be sure you have both turned off and uninstalled any third-party firewall you installed previously. In particular, if you previously installed the Norton Personal Firewall, see http://www.opendoor.com/doorstop/NPF.html.

I installed and activated DoorStop X, but all accesses to a particular service are being allowed.

• If the service has an entry in DoorStop's services list, check its permissions. (12, Configuring a Personal Firewall)
• If the service does not have an entry in the services list of the Setup window, check the permissions in the "All others" service entry. (12, Configuring a Personal Firewall)
• Be sure accesses to that server are being made over TCP (or UDP if you've enabled UDP protection, and the UDP port range includes the service's port), not another protocol. Contact the server's manufacturer to be sure. (6, Protocols)

With DoorStop X active, I'm having problems with a particular application.

• Most network applications' documentation will have a section on how to use that application with a firewall. Also take a look at Configuration Tips.

I've installed and configured DoorStop X, but I'm getting unpredictable results.

• There may be a third-party firewall running, or you may need to uninstall such a firewall. Be sure you have both turned off and uninstalled any third-party firewall you installed previously. In particular, if you previously installed the Norton Personal Firewall, see http://www.opendoor.com/doorstop/NPF.html.

DoorStop X warns me that another firewall is running, but I can't find one.

• Check that OS X's built-in firewall (12, Mac OS X's Built-in Firewall) is not running. If it is, turn it off.
• Check for third-party firewalls on your machine. If there are any, turn them off and then uninstall them.
• Some applications and services install their own firewall rules, making it look like there's another firewall running. Such applications and services include Virtual PC, Internet Sharing and Tiger Server. In these cases, you may need to ignore DoorStop's warning.

iTunes, iPhoto or another application claims a firewall is blocking a port it needs, but DoorStop X is configured to allow access to that port.

• Certain applications incorrectly look at the status of the Mac OS X built-in firewall (in the Sharing Preference pane) to determine if a port they need is blocked. The message is erroneous.
• The system thinks the built-in firewall is still on. To turn it off, you need to first turn off DoorStop X, then turn off the built-in firewall, then re-enable DoorStop X. You should no longer see the erroneous error message.

With DoorStop X active, I'm having problems downloading files from a Web site.

OR

With DoorStop X active, I'm having problems with Symantec's LiveUpdate (or other online utilities).

• The problem may have to do with FTP (File Transfer Protocol), a protocol commonly used for transferring files. Be sure you've selected PASV mode in the Network pane of System Preferences. Alternately, you can disable DoorStop temporarily. DoorStop only needs to be off for the file transfer to begin; if you are downloading several files at once, DoorStop must be off until the last file starts downloading. For details, see Configuration Tips.

My Macintosh is still answering pings.

• By default, DoorStop allows access to pings. Unless you have a specific reason to block pings, and understand the consequences, you should not block them. See Stealth mode for further details. (12, Configuring a Personal Firewall)

I configured DoorStop X to log access attempts, but it doesn't work.

• Confirm that the right checkboxes have been checked in the Logging pane of DoorStop's Preferences dialog.
• Make sure you're looking in the right location for the log file: /Library/Preferences/WhosThere.log. For further details on logging, see Logging.
• Be sure that access attempts are getting through to the machine on which DoorStop is running (for instance by accessing a service on that machine).
• There may be a third-party firewall running, or you may need to uninstall such a firewall. Be sure you have both turned off and uninstalled any third-party firewall you installed previously. In particular, if you previously installed the Norton Personal Firewall, see http://www.opendoor.com/doorstop/NPF.html.
• See the next troubleshooting item below.

When I run DoorStop X, I get an error message "DoorStop X cannot set up your Macintosh for logging. The firewall can operate, but firewall logging may not take place or appear in the correct file."

• This error occurs if DoorStop X is unable to open the file /etc/syslog.conf. Using the Finder's "Go -> Go to folder..." menu item, go to directory /etc, select the file syslog.conf, and use the Finder's "File -> Get Info..." command. If the file is locked, unlock it. Also confirm that syslog.conf is owned by "system" (Read & Write), belongs to group "wheel" (Read only), and has permission "Read only" for "Others".

DoorStop X seems to log some access attempts, but not all.

• Check the Logging pane of DoorStop's Preferences dialog to be sure DoorStop is configured to log the kinds of access attempts want (denied, allowed, or both).
• When your machine receives a large number of access attempts in a short period, DoorStop will eliminate some duplicate lines (same date, time, ipfw rule, client IP address, and service) from the log file.

I quit the DoorStop X application, but DoorStop is still operational.

• Access to services is controlled by the built-in firewall technology of Mac OS X ("ipfw"), and is not affected by launching or quitting the DoorStop application. To turn off access control, use the Stop/Start button at the top of DoorStop's Setup window.

I enabled UDP protection and now I can't access the Web or my email. (6, Protocols)

• You have probably affected a low-level service that your Mac needs to perform day-to-day Internet operations. Possibilities include:
  • DHCP. Check the Network System Preferences window to see if your Mac is configured to get its IP address using DHCP. If so, you need to have a service entry to allow access to DHCP (UDP ports 67 and 68). If, when you enabled UDP protection, you chose to have DoorStop add filters for common UDP services, DoorStop should have created an unprotected service entry for DHCP; otherwise, you'll need to create such an entry manually, and edit that service entry to allow the DHCP server to access your machine. Use the DHCP server's IP address, as shown in the log file, or as displayed by Who's There? Firewall Advisor.
  • DNS. Just about any outgoing Internet operation requires DNS, which converts host names like www.opendoor.com to IP addresses. Check to make sure that you are not blocking the dynamic ports used by DNS (usually ports 32768 or higher).

I enabled UDP protection and now the Date & Time pane of System Preferences gets an error trying to talk to the Time Server. (6, Protocols)

• You need to have a service entry to allow access to Date & Time (UDP port 123). If, when you enabled UDP protection, you chose to have DoorStop add filters for common UDP services, DoorStop should have created an unprotected service entry for Date & Time; otherwise, you'll need to create such an emery manually, and edit that service entry to allow the time server to access your machine. Use the time server's IP address, as shown in the log file, or as displayed by Who's There? Firewall Advisor. Note that the technical term for Date & Time is Network Time Protocol (NTP).

I enabled UDP protection and the log file now has many more entries. (6, Protocols)

• Since UDP is a connectionless protocol, DoorStop protects services by potentially blocking every packet destined for those services. It also logs each such packet if configured to do so. You may wish to disable logging of allowed accesses, or all UDP logging, to minimize the amount of information logged.

I want to define access for a service, but I don't know the port number the service uses. (6, Port Numbers)

• If a service is not in the Service Information dialog list, try checking the "Include server ports" check box. Also, if the service is UDP based, turn on UDP protection through the Preferences dialog,
• Check Open Door's port number list.

It's very hard to interpret DoorStop X's log file. (13, Introduction)

• Firewall log files are, by their very nature, hard to read. Log lines are terse, and there are often a lot of them. Special applications, such as Open Door's Who's There? Firewall Advisor can help make sense of firewall log files, by sorting and summarizing data, making it easier to see patterns in access attempts that may point to attempted security violations. Who's There? 2.0 and later is integrated with DoorStop X through DoorStop's Log menu. Free 30-day evaluation copies of Who's There? are available.

I'm having problems with an application that uses ipv6. (6, Protocols)
OR
Users on other machines can't contact my machine using ipv6.

• Since ipv6 is so rarely used, DoorStop blocks all access attempts made using ipv6.

I'm trying to add a custom icon to a service, but it won't paste.

• Custom icons work only with custom services that DoorStop does nor otherwise know about. That is, the service is not in the list of default protected services, and it's not in the Service Information list.
• If you have already pasted in a custom icon and are trying to paste in another, you need to delete the first icon and then add the second.

I've added a custom icon to a service, but Who's There? isn't displaying it.

• Be sure you are using version 2.0 or later of Who's There?
• You need to quit and restart Who's There? after adding a custom icon to DoorStop.

When I try using the Log commands to have Who's There? display log information, nothing happens
OR
The Log commands do not appear in the Log menu.

• Be sure you have only one copy of Who's There? on your drive or any mounted drives, and that the one copy is version 1.1 or later.

From the Log menu I request a summary for a particular service (or IP address), but when Who's There? displays its "Summary by ..." window, nothing is displayed for the service (or IP address) I requested.

• There are no lines in the current log file containing the service (or IP address) you requested.

Back to Table of Contents
Back to Advanced Topics
Forward to Appendices