When you are using a FTP server you can connect using either Active or Passive connections. Each has advantages and disadvantages. When you set up FTP, in this example using VSFTPD, you need to make this connection decision. Active connections are safest for the server but at times may not work for some clients. Passive connections may not be the safest for the server but usually work well for the clients. In addition, these factors must be taken into account with the firewall. This is where connection tracking can be helpful.
More: continued here