HI everybody,
I would like to run vsftpd with pasive mod but ft is runing only vith active mod.

my vsftpd.conf
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
pasv_enable=YES
#pasv_min_port=2000
#pasv_max_port=65534
pasv_address=my external IP
#connect_from_port_20=YES
vsftpd_log_file=/opt/var/log/vsftpd.log
idle_session_timeout=600
data_connection_timeout=120
ftpd_banner=hihi
banner_file=/etc/vsftpd_motd
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/opt/etc/vsftpd.chroot_list
user_config_dir=/opt/etc/vsftpd_user_conf
ls_recurse_enable=YES




this is runing with pasive mod only when my iptables alows everithing in INPUT

and with this is not runing.
#!/bin/sh
iptables -D INPUT -j DROP
iptables -P INPUT DROP
iptables -A INPUT -p tcp --dport auth -j REJECT

#ftp-vsftpd
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
#smtp&pop3
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 110 -j ACCEPT
#www
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
#ssh
iptables -A INPUT -p tcp --dport 22 -j ACCEPT


my iptables -L look like

 iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere           state INVALID
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere           state NEW
ACCEPT     all  --  anywhere             anywhere           state NEW
ACCEPT     tcp  --  anywhere             krakonosovo        tcp dpt:www
REJECT     tcp  --  anywhere             anywhere           tcp dpt:auth reject-with icmp-port-unreachable
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:www
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ssh

Please where is bug?
thx
 

HI,
I would like to know whether is normal that speed behind the router (LAN TO LAN) is only around 1M/s, is quite slowly, isn't it? Do you have higher speed in LAN?Where could be the problem?
wireless speed is around 1,2MB and wired around 2MB. But I think it is too slow it should be more,isn't it? Speed should be 54Mbit wireless and 100Mbit wired by optimal case?
Thanks a lot

Nono I didn't try OPEnwrt yet. I'm fear that is too hard for me.
IS on OPENwrt possible boot openwrt from usb stick?

Yes I know it. I tried to run on Oleg's .So I have to change to OPENWRT.
thx

Thanks very much it's great 
But I'm using oleg;s firmware and my problem is:

I can't to run XMCrypt to create password:
./XMCrypt haloo
./XMCrypt: can't load library 'libstdc++.so.6'

On my router is installed libstdc++

When I create password in windows so the same mistake is after running server

/opt/etc/init.d/S70xmail start
Starting XMail server: /opt/var/MailRoot/bin/XMail: can't load library 'libstdc++.so.6'

Can I fix it?

Something new about the tutorial??

Ok thanks it will be great. I'm looking forward to tutorial 

Hi,
is possible to run on asus any mail server?Is any tutorial for oleg's tutorial?I have domain blahblah.net  and I would like to create my email blahblah@blahblah.net. Is it possible?
thanks

try to connect with putty to asus and write command:
nvram set http_lanport=80
nvram commit

Now will be asus setup on port :80

For example i'm using fpt on my pc a ftp automaticly set upnp and everything works without change iptables and routing. But this icq havn't this feature. In icq i can chage range of port. So is possible to prerouting (or something like that) icq transfer in iptables to my pc?Or set upnp?
when in icq i have set range 65500-65504 and is listening on 5190.
I tried to add this to post-firewall but not works

iptables -A INPUT -p tcp --dport 5191 -j ACCEPT

iptables -A INPUT -p tcp --dport 65500:65504 -j ACCEPT

iptables -t nat -A PREROUTING -i vlan1 -p tcp --dport 5190 -j DNAT --to 192.168.1.2:5190
iptables -t nat -A PREROUTING -i vlan1 -p tcp --dport 65500 -j DNAT --to 192.168.1.2:65500
iptables -t nat -A PREROUTING -i vlan1 -p tcp --dport 65501 -j DNAT --to 192.168.1.2:65501
iptables -t nat -A PREROUTING -i vlan1 -p tcp --dport 65502 -j DNAT --to 192.168.1.2:65502
iptables -t nat -A PREROUTING -i vlan1 -p tcp --dport 65503 -j DNAT --to 192.168.1.2:65503
iptables -t nat -A PREROUTING -i vlan1 -p tcp --dport 65504 -j DNAT --to 192.168.1.2:65504


thx for any idea

mod_auth

auth.debug                  = 0
auth.backend                = "htpasswd"                                                    -----type of auth
auth.backend.htpasswd.userfile = "/etc/htpasswd"                               -----path to htpasswd
#auth.backend.plain.groupfile = "lighttpd.group"
#auth.backend.ldap.hostname = "localhost"
#auth.backend.ldap.base-dn  = "dc=my-domain,dc=com"
#auth.backend.ldap.filter   = "(uid=$)"

auth.require               = ( "/graf/" =>                                                      ----dir which will be locked
                               (
                                 "method"  => "basic",
                                 "realm"   => "graf",                                               ----- is a string to display in the dialog   
                                 "require" => "user=green"                                   ----- user -- must be in this form user=.....
                               )
                             )
after this you have to create file htpasswd --->   htpasswd -c htpasswd(name of file) user(name of user) and get it to dir from auth.backend.htpasswd.userfile

this works perfectly
any manual : http://trac.lighttpd.net/trac/wiki/Docs%3AModAuth

it was my bug now is everything work thanks.

yes, i'm using client SIM and without asus is working but behind  isn't.
tutorial from petri isn't possible because i have another client
thx

hi,
thanks but now i cant' enter to my page.It looks like bad user or password:
my conf:
 
auth.backend               = "htpasswd"
auth.backend.htpasswd.userfile = "/opt/share"                                               //path to htpasswd???

#auth.backend.plain.groupfile = "lighttpd.group"
#auth.backend.ldap.hostname = "localhost"
#auth.backend.ldap.base-dn  = "dc=my-domain,dc=com"
#auth.backend.ldap.filter   = "(uid=$)"

auth.require               = ( "/graf" =>                                                    //path to my dir which a want to lock
                               (
                                 "method"  => "basic",
                                 "realm"   => "",                                    //dont'know
                                 "require" => "green"                                      //user
                               )
                            )
after i created  htpasswd to /opt/share - my htpasswd from promt looks :
green:anyhash;)

but i can't login to page:(

where is bug please??
thx

thx, i installed lighttpd + php and now works perfectly.
I would like to ask you if is possible to run htpasswd like at thttpd?(and sqlite3?)
thanks for your advice.