ftp-proxy is written for a firewall box with two interfaces. It will not work with one interface.
To protect your box with one interface you could use a table containing the ftp servers you want to talk to. Then write some rules to allow out-going passive ftp to these servers.
You need two rules, one for the ftp command channel, and another one for the ftp data channel.
- client source port >1023 -> server port 21 (ftp command channel)
- client source port >1023 -> server port >1023 (ftp data channel)
I have done this on my workstation. Unfortunately I just moved house and I haven't unpacked that one yet, else I would have posted the rules.
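
A sketch of the approach described above, added here as an example and not the poster's own rules: a pf.conf fragment with a table of allowed FTP servers and the two outgoing passive-FTP rules. The interface name `em0` and the table addresses (documentation ranges) are assumptions to replace with your own.

```pf
# Constructed example for a host with a single interface.
# em0 is an assumed interface name.
ext_if = "em0"

# FTP servers this host is allowed to talk to.
# Placeholder addresses from the documentation ranges; replace them.
table <ftp_servers> persist { 192.0.2.10, 198.51.100.20 }

# Default deny, so only explicit pass rules open anything.
# Other services (DNS, ssh, ...) need their own pass rules.
block all

# FTP command channel: client source port >1023 -> server port 21.
pass out on $ext_if inet proto tcp from ($ext_if) port > 1023 \
    to <ftp_servers> port 21

# Passive FTP data channel: client source port >1023 -> server port >1023.
# Wide port range, but limited to the hosts in <ftp_servers>.
pass out on $ext_if inet proto tcp from ($ext_if) port > 1023 \
    to <ftp_servers> port > 1023
```

The ruleset can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`.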