ftp-proxy will only work for clients who connect through the machine:
- incoming ftp traffic entering on the external interface
For example when you run a ftp server
- local lan client ftp traffic entering on the internal interface.
For allowing ftp connections initiated by the ftp-proxy box, itself you have to open port 21 for the ftp command channel. The ftp data channel need ports >1024.
If you don't want to leave such a wide range of ports open you could use a pf 'anchor' to temporarily open this >1024 range. Or you could only open this range for a small selection of ftp servers, for example some of he nearest by OpenBSD ftp mirrors.
I