FTP, PF and routable addresses: ftpsesame, pftpx and ftp-proxy!

In cases where the local network uses official, routable addresses inside the firewall, I must confess I've had trouble making ftp-proxy work properly. When I'd already spent too much time on the problem, I was rather relieved to find a solution to this specific problem offered by a friendly Dutchman called Camiel Dobbelaar in the form of a daemon called ftpsesame.

Local networks using official addresses inside a firewall are apparently rare enough that I'll skip over any further treatment. If you need this and you are running OpenBSD 3.8 or earlier or one of the other PF-enabled operating systems, you could do worse than installing ftpsesame.

On FreeBSD, ftpsesame is available through the ports system as ftp/ftpsesame. Alternatively you can download ftpsesame from Sentia at http://www.sentia.org/projects/ftpsesame/.

Once installed and running, ftpsesame hooks into your rule set via an anchor, a named sub-ruleset. The documentation consists of a man page with examples which you can more likely than not simply copy and paste.

ftpsesame never made it into the base system, and Camiel went on to write a new solution to the same set of problems.

The new program, at first called pftpx, is available from http://www.sentia.org/downloads/pftpx-0.8.tar.gz and through the FreeBSD ports system as ftp/pftpx. pftpx comes with a fairly complete and well-written man page to get you started.

A further developed version, suitably renamed as the new ftp-proxy, became a part of the OpenBSD base system in time for OpenBSD 3.9. The new program, /usr/sbin/ftp-proxy, and how to set it up are described in the section called "ftp-proxy, new style" below.