I think this is the problem:

Response: 227 Entering Passive Mode (192,168,2,21,78,51).

The server is telling the client to connect to a non internet routable IP. 
You need to configure the FTP server to masquerade its address.

See this documentation for proftpd:

http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-NAT.html



----- Original Message ----- 
From: "Danny Puckett" <dpuckett at comresource dot com>
To: <m0n0wall at lists dot m0n0 dot ch>
Sent: Tuesday, March 29, 2005 5:46 PM
Subject: [m0n0wall] PASV FTP


>I have been trying to get a PASV connection to an FTP server behind 
>m0n0wall
> and am not having much luck.  I have configured my PassivePortRange on the
> FTP server per MS article.
>
> http://support.microsoft.com/?id=555022
>
> I have NAT configured as
>
> WAN  TCP  21 (FTP)  192.168.2.21  21 (FTP)  FTPTEST
> WAN  TCP  20000-21000 (FTP)  192.168.2.21  20000-21000 (FTP)  PASSVTEST
>
> And Rules
>
> TCP  *  *  192.168.2.21  21 (FTP)  NAT FTPTEST
> TCP  *  *  192.168.2.21  20000 - 21000  NAT PASVTEST
>
> I am using FileZilla and I receive the following
>
> Response: 220-Microsoft FTP Service
> Response: 220 BI FTP Test Site
> Command: USER dpuckett
> Response: 331 Password required for dpuckett.
> Command: PASS **************
> Response: 230-Hello
> Response: 230 User dpuckett logged in.
> Command: FEAT
> Response: 211-FEAT
> Response:     SIZE
> Response:     MDTM
> Response: 211 END
> Command: SYST
> Response: 215 Windows_NT
> Status: Connected
> Status: Retrieving directory listing...
> Command: PWD
> Response: 257 "/" is current directory.
> Command: PASV
> Response: 227 Entering Passive Mode (192,168,2,21,78,51).
> Command: TYPE A
> Response: 200 Type set to A.
> Command: LIST
> Response: 425 Can't open data connection.
> Error: Could not retrieve directory listing
>
>
> Can anyone tell me what I am doing wrong?
> Thanks
>
>