Firewall/NAT

I hve a monowall firewall in a DMZ handling many servers.
I have been able to allow sftp ftp passive and other protocols but active ftp will not work
I think I have ports 20 and 21 open I am using VSFTP on my side, I have tried many different clients to connect
but none seem to work. here is my question does anyone have an example as to how they have setup the monowall to handle ftp both active and passive. O any ideas as to how to see what is going wrong on the firewall? Everything seems to work within my network

FTP can be problematic once NAT becomes involved.

In many cases, without some type of helper proxy being used, it may never work if both the FTP client and FTP server are running behind NAT. Typical symptoms of this are that the control connection can be established but the data connection fails.

See http://slacksite.com/other/ftp.html   and

http://www.jscape.com/blog/bid/80512/Active-v-s-Passive-FTP-Simplified