Hint taken, Mark
.
I'm taking the liberty of attaching a file to this post. It's called dafirewall.txt includes two parts, ipchains and proftpd.conf.
The first part, ipchains is a copy of my ipchains file from my test DA box, and so far it seems to work. I don't use iptables yet.
The second part, proftpd.conf, is a replacement for the DA proftpd.conf, which makes use of the ten passive access ports for ftp I've left open in the ipchains file.
If you want more than ten users to be able to use passive ftp at the same time, then you'll have to modify both these files to use more unprivileged ports for ftp. I leave that as an exercise to the reader.
Since this forum only allows me to attach one file and I didn't want to put either you or I through having to deal with a zip file, I chose to put both files into one... the breaking point should be obvious.
(Note that these files were created on a Windows machine and should have their line-endings converted when you move them to you linux box or they won't work.)
You'll need to restart both proftpd and ipchains after you've made the file changes:
# /etc/rc.d/init.d/proftpd restart
and
# /etc/rc.d/init.d/ipchains restart
Jeff