TomatoUSB

I followed another thread (/forum/t-274551), and got encryption to work for vsftpd, but only in active mode. This is using tomato shibby:

Firewall:

iptables -I INPUT -p tcp --dport 60000:61000 -j ACCEPT

Vsftpd Custom Configuration:

ssl_enable=YES
allow_anon_ssl=NO
require_ssl_reuse=YES
force_local_data_ssl=NO
force_local_logins_ssl=NO
ssl_tlsv1=NO
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/tmp/etc/cert.pem
rsa_private_key_file=/tmp/etc/key.pem

pasv_enable=YES
port_enable=YES
pasv_min_port=60000
pasv_max_port=61000

Encrypted active mode works, and unencrypted passive mode works. I've been fooling around with these settings and googling for a few hours. What have I missed?

Solved:

Do NOT forward port 21 to 192.168.1.1. I don't know why I had that set, but once removed SSL passive FTP worked immediately.