Subject: Re: NAT query
To: None <tech-userlevel@netbsd.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-userlevel
Date: 02/26/2002 06:05:56
> I have a NAT box between our FTP server and the Internet universe.
> [...problem...]

"Don't do that, then."  FTP, especially in PORT-using (non-PASV) mode,
is one of the protocols broken most severely by NAT, to the point that
a lot of NAT implementations have special-case kludges to rewrite the
control data stream on the fly to make it "work" in at least a minimal
sense.  To my mind, this "fixes" FTP-through-NAT in much the same way
that MSS clamping "fixes" a path MTU discovery black hole: it doesn't
actually fix the problem, just keeps it dormant for the moment.

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse@rodents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
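
An added example, not part of the original message: the PORT command carries the sender's own address and port as text, which is why a NAT helper has to parse and replace it in the control stream, and why the replacement can change the payload length. It assumes a client behind the NAT; the addresses, ports and function names are constructed for illustration.

```python
import ipaddress
import re

# RFC 959 PORT argument: h1,h2,h3,h4,p1,p2 (address octets, then port high/low byte)
PORT_RE = re.compile(rb"^PORT (\d{1,3}(?:,\d{1,3}){5})\r\n$", re.IGNORECASE)

# Constructed sample: client 10.0.0.5 asks the server to connect back to port 50000
SAMPLE = b"PORT 10,0,0,5,195,80\r\n"
PUBLIC_IP = ipaddress.IPv4Address("203.0.113.7")  # constructed NAT outside address


def parse_port(line):
    """Return (ip, port) carried in a PORT command, or None if it is not one."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(n) for n in m.group(1).split(b",")]
    if any(n > 255 for n in nums):
        return None
    return ipaddress.IPv4Address(bytes(nums[:4])), nums[4] * 256 + nums[5]


def build_port(ip, port):
    """Serialise an address and port back into a PORT command line."""
    fields = list(ip.packed) + [port >> 8, port & 0xFF]
    return b"PORT " + b",".join(str(f).encode() for f in fields) + b"\r\n"


def alg_rewrite(line, public_ip, mapped_port):
    """Rewrite a PORT line the way a NAT FTP helper would.

    Returns (new_line, length_delta). A nonzero delta means the NAT must also
    adjust TCP sequence/ack numbers for the rest of the control connection.
    """
    if parse_port(line) is None:
        return line, 0  # anything else passes through untouched
    new_line = build_port(public_ip, mapped_port)
    return new_line, len(new_line) - len(line)


if __name__ == "__main__":
    ip, port = parse_port(SAMPLE)
    print("client told the server to connect to", ip, port)
    new_line, delta = alg_rewrite(SAMPLE, PUBLIC_IP, 61000)
    print("after NAT helper:", new_line, "length change:", delta)
```

If the control connection is encrypted, the helper cannot see the PORT line at all and the private address reaches the server unchanged.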