As a general troubleshooting aid, enable DoorStop's logging for allowed and denied accesses. Log file entries can give useful troubleshooting clues. The log file is also useful to see who has attempted to access what services, and spot possible security violations.

I installed and activated DoorStop, and now no one can access any services on the machine.

• By default, all services are initially protected from any access. Using methods described in Changing Access to a Service, you must specify access to a service before it will be accessible.

I installed and activated DoorStop, and now no one can access a particular service on the machine.

• If the service has an entry in DoorStop's services list, confirm that the entry allows access to the service from one or more clients.
• If the service does not have an entry in DoorStop's service list, either create an entry for the service or make sure the "All others" service entry allows access to the service from the desired clients.
• Check to make sure that the service itself is configured to allow access.

I installed and activated DoorStop, and now a particular user cannot access a particular service on the machine.

• If the service has an entry in DoorStop's services list, make sure that it allows access from the particular user's IP address.
• If the service does not have an entry in DoorStop's service list, either create an entry for the service or make sure the "All others" service entry allows access from the user's IP address.
• Check to make sure that the service itself is configured to allow access by the user.

I installed and activated DoorStop, but all accesses to the machine are being allowed.

• Be sure DoorStop is running, as indicated in DoorStop Admin or in the Control Strip.
• Be sure the DoorStop extension has loaded at startup.
• Be sure the accesses are being made over TCP, not AppleTalk or another protocol.

I installed and activated DoorStop, but all accesses to a particular service are being allowed.

• If the service has an entry in DoorStop's services list, check its permissions.
• If the service does not have an entry in DoorStop's service list, check the permissions in the "All others" service entry.
• Be sure accesses to that server are being made over TCP (or UDP if you've enabled UDP protection, and the UDP port range includes the service's port), not AppleTalk or another protocol. Contact the server's manufacturer to be sure.

With DoorStop active, I'm having problems with a particular application (FTP, Timbuktu, an email client, etc.).

• See the Application-specific Appendix for details.

With DoorStop active, I'm having problems downloading files from a Web site.

OR

With DoorStop active, I'm having problems with Symantec's LiveUpdate (or other online utilities).

• The problem may have to do with FTP (File Transfer Protocol), a protocol commonly used for transferring files. As one option, from the Control Strip, choose "Stop DoorStop, restart later...", specify a delay period, and then (within the specified period) start downloading the file. DoorStop only needs to be off for the file transfer to begin; if you are downloading several files at once, DoorStop must be off until the last file starts downloading. For details, see the Application-specific Appendix.

The DoorStop extension is not loading at startup.

• Be sure the extension has not been disabled with the extensions manager.
• Be sure you are running on Mac OS 8.1 or later.

AppleTalk accesses to my File Sharing (or other services) are still being allowed.

• DoorStop only prevents accesses over TCP or, optionally, UDP.

My Macintosh is still answering pings.

• DoorStop only prevents accesses over TCP or, optionally, UDP. Ping does not use TCP or UDP.

I configured DoorStop to notify me of (and/or log) access attempts, but it doesn't work.

• Confirm that the right checkboxes have been checked in the "Logging and Notification..." dialog.
• If a notification alert is displayed, no further notification will take place until the current alert is dismissed.
• If the DoorStop machine is running an OS prior to Mac OS 9, and the "Load only when needed" checkbox has been checked in the TCP/IP Control Panel (click the Options button), and no application on the DoorStop machine has caused TCP/IP to be loaded, DoorStop's logging and notification mechanisms will not work. To enable logging and notification, you can run an application on the DoorStop machine which causes TCP/IP to be loaded, or you can uncheck the "Load only when needed" checkbox in the TCP/IP Control Panel (there may be a delay of up to a minute before the change takes effect).

DoorStop seems to log some access attempts, but not all.

• Be sure DoorStop is configured to log the kinds of access attempts you're interested in (denied, allowed, or both).
• When your machine receives a large number of access attempts in a short period, DoorStop will eliminate some duplicate lines from the log file. "Duplicate" means the same date, time, result, client IP address, and service.
• If you've enabled UDP protection, DoorStop will only log access attempts to UDP ports which are in active use by a particular application. Additionally, DoorStop will only log access attempts to UDP ports that you have protected through the Preferences dialog.

I want to define access for a service, but I don't know the port number the service uses.

• The New Service dialog includes a popup with popular port numbers. If the server is not in the list, check the Port Numbers Appendix or contact the server manufacturer.

I quit DoorStop Admin but DoorStop is still operational.

• Access to services is controlled by the DoorStop extension, and is not affected by launching or quitting DoorStop Admin. To turn off access control, use the Stop/Start button at the top of DoorStop's Admin window, or use the Control Strip.

DoorStop Admin will not let me stop or start DoorStop, or make changes.

• DoorStop's Preferences file cannot be written to. Under Mac OS 9, a user logged on with limited privileges cannot write to the system preferences folder, where DoorStop's preferences are stored, and thus will not be able to make changes to DoorStop's configuration.

I enabled UDP protection and now I can't access the Web or my email.

• You have probably affected a low-level service that your Mac needs to perform day-to-day Internet operations. Possibilities include:
  • DHCP. Check the TCP/IP control panel to see if your Mac is configured to get its IP address using DHCP. If so, DoorStop will have automatically created a service entry for DHCP; you must edit that service entry to allow the DHCP server to access your machine. Use the DHCP server's IP address, as shown in the Access History window, log file, or notification alert.
  • DNS. Just about any outgoing Internet operation requires DNS, which converts host names like www.opendoor.com to IP addresses. Check to make sure that you are not blocking the dynamic ports used by DNS (usually ports 32768 or higher).

I enabled UDP protection and the log file now has many more entries.

• Since UDP is a connectionless protocol, DoorStop protects services by potentially blocking every packet destined for those services. It also logs each such packet if configured to do so. You may well wish to disable logging of allowed accesses, to minimize the amount of information logged.

I enabled UDP protection and now the Date & Time control panel gets an error trying to talk to the Time Server.

• You need create a service entry to grant the time server access to port 123, the Network Time Protocol port.

There is no DoorStop icon in my Control Strip.

• Be sure the DoorStop Control Strip file is in the Control Strip folder in the system folder.
• The DoorStop Control Strip requires Mac OS 8.5 or later. It will not be installed or run on Mac OS 8.1.

When I try to start DoorStop protection from the Control Strip, it just beeps.

• The Control Strip will not allow DoorStop protection to be turned on if DoorStop has expired. You must purchase and enter a valid serial number to continue using DoorStop. You can purchase a serial number from our order page, or use the Purchase button in DoorStop Admin's About box or startup splash screen. See Serial Numbers for details on entering a serial number.

The Access History window is not showing new accesses to my machine.

• Be sure you have enabled logging of denied and/or allowed access attempts, as desired. The Access History window only shows information on accesses that are logged.

Back to Table of Contents
Back to Using DoorStop - Advanced Mode
Forward to Appendixes