I've been testing an issue with FTP Active transfers recently and I've narrowed down a problem.
On my GRSEC enabled kernel, FTP Active transfers fail to establish on Privileged ports. Using identical configurations, and binding to a high port, the transfer works. Using the identical configurations on a non GRSEC kernel works.
However, I both need the default ftp ports & grsec.
I have contemplated using iptables REDIRECTs to transparently map the default port to a higher port, but this doesn't work in IPv6 due to the removal of the NAT functionality.
I look forward to suggestions.
Try to add a new rule (or modify an existing one) similar to this one to your grsecurity configuration file: