People setting up new FTP servers on non-standard ports (say, 5001 instead of 21)… here’s how to get around it with ip_conntrack_ftp:

In /etc/modprobe.d/conntrack.conf:

options nf_conntrack_ftp ports=21,5001