FTP uses two ports, one for control and one for data. The client initiates a session on the server's control port (tcp:21), then the server initiates a session to the client from its data port (tcp:20). You just need to allow port 21 inbound, the port 20 session is established outbound to the requesting client.