Due to to the way ftp-proxy works, you cannot use ftp on the router itself. Ftp traffic passing through the internal router interface is redirected to ftp-proxy for handling. Ftp connections originated from the router itself go out directly through the external interface, thus bypassing ftp-proxy
If you want to use ftp on the router you could create an anchor and temporarily attach two rules to it
- pass out tcp traffic originating from the external public address with destination port 21
This rule will handle the ftp command channel
- pass out tcp traffic originating from the external public address to any IP address with destination ports >1023
This rule will take care of the ftp data channel connections (for passive ftp)