No FTP being allowed inbound on PIX

d-frost
Level 1

I am running PIX 5.3(1) and I recently changed all conduit permit statements to access-lists. The problem I am now having is that when I try to access my FTP server on my internal network from outside I cannot get through the PIX. This setup was working before the change. Below is a partial config. Anyone have any suggestions?

PIX Version 5.3(1)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol sqlnet 1521
fixup protocol sip 5060
access-list 101 permit tcp any host 63.142.xxx.xxx eq www
access-list 101 permit tcp any host 63.142.xxx.xxx eq ftp
access-list 101 permit tcp any host 63.142.xxx.xxx eq telnet
access-list 101 permit tcp any host 63.142.xxx.xxx eq smtp
access-list 101 permit tcp any host 63.142.xxx.xxx eq pop3
access-list 101 permit tcp any host 63.142.xxx.xxx eq 9010
access-list 101 permit tcp any host 63.142.xxx.xxx eq 8001
access-list 101 permit tcp any host 65.36.xxx.xxx eq ftp
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto shutdown
mtu outside 1500
mtu inside 1500
mtu dmz 1500
ip address outside 63.142.xxx.xxx 255.255.xxx.xxx
ip address inside 10.2.8.1 255.255.255.0
ip address dmz 127.0.0.1 255.255.255.255
global (outside) 1 63.142.xxx.xxx-63.142.xxx.xxx netmask 255.255.255.240
global (outside) 1 63.142.xxx.xxx netmask 255.255.255.240
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 63.142.xxx.xxx 10.2.8.15 netmask 255.255.255.255 0 0
static (inside,outside) 63.142.xxx.xxx 10.2.8.19 netmask 255.255.255.255 0 0
static (inside,outside) 65.36.xxx.xxx 10.3.8.11 netmask 255.255.255.255 0 0
static (inside,outside) 63.142.xxx.xxx 10.2.8.13 netmask 255.255.255.255 0 0
access-group 101 in interface outside
route outside 0.0.0.0 0.0.0.0 63.142.xxx.xxx 1
route inside 10.1.8.0 255.255.255.0 10.2.8.10 1
route inside 10.3.8.0 255.255.255.0 10.2.8.10 1

thanks

2 Replies

4s.welch
Level 1

Change the access-list entry to permit ftp AND ftp-data.

access-list 101 permit tcp any host xxx.xxx.xxx.xxx range ftp ftp-data
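As an added example that is not part of the thread: a small Python check over PIX-style access-list and static lines that flags a statically translated host permitted for ftp (21) inbound without ftp-data (20), the gap the reply above closes. The sample config and its addresses are constructed placeholders, not the poster's configuration, and a range is normalised whichever order its two ends are written in.

```python
import re

# Constructed sample in the thread's PIX 5.3 syntax; addresses are placeholders, not the poster's.
SAMPLE_CONFIG = """
access-list 101 permit tcp any host 63.142.0.15 eq www
access-list 101 permit tcp any host 63.142.0.15 eq ftp
access-list 101 permit tcp any host 65.36.0.11 range ftp ftp-data
static (inside,outside) 63.142.0.15 10.2.8.15 netmask 255.255.255.255 0 0
static (inside,outside) 65.36.0.11 10.3.8.11 netmask 255.255.255.255 0 0
static (inside,outside) 63.142.0.13 10.2.8.13 netmask 255.255.255.255 0 0
"""

# Service keywords the thread's config uses, mapped to their TCP port numbers.
PORT_NAMES = {"ftp-data": 20, "ftp": 21, "telnet": 23, "smtp": 25, "www": 80, "pop3": 110}
ACL_RE = re.compile(r"^access-list\s+\S+\s+permit\s+tcp\s+any\s+host\s+(\S+)\s+(?:eq\s+(\S+)|range\s+(\S+)\s+(\S+))$")
STATIC_RE = re.compile(r"^static\s+\(inside,outside\)\s+(\S+)\s+(\S+)\s+netmask")

def to_port(token):
    """Resolve a PIX service keyword or a numeric string to a port number."""
    return PORT_NAMES.get(token) or int(token)

def parse_inbound(config):
    """Return (permits, statics): public IP -> permitted TCP ports, public IP -> inside IP."""
    permits, statics = {}, {}
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if m:
            host, eq, lo, hi = m.groups()
            if eq:
                ports = {to_port(eq)}
            else:
                # Normalise the range whichever order the two ends were written in.
                a, b = sorted((to_port(lo), to_port(hi)))
                ports = set(range(a, b + 1))
            permits.setdefault(host, set()).update(ports)
            continue
        m = STATIC_RE.match(line.strip())
        if m:
            statics[m.group(1)] = m.group(2)
    return permits, statics

def ftp_findings(config):
    """Flag statically translated hosts that permit ftp (21) inbound but not ftp-data (20)."""
    permits, statics = parse_inbound(config)
    findings = {}
    for public_ip, inside_ip in statics.items():
        ports = permits.get(public_ip, set())
        if 21 in ports and 20 not in ports:
            findings[public_ip] = f"ftp permitted to {inside_ip} but ftp-data (20) is not"
    return findings
```

Calling ftp_findings(SAMPLE_CONFIG) reports only 63.142.0.15, since 65.36.0.11 already carries the range form from the reply and 63.142.0.13 permits no FTP at all.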

thanks, works great.
