The usual case is ftp clients behind a NATing firewall, allowing active data connections back from the server to the client. ftp-proxy inspects and modifies the control connection stream so the server makes active data connections to the firewall's address, and then connects to the client and forwards the data.
If it's the ftp server behind the firewall, you want to modify 227 replies from the server and proxy passive data connections instead. The man page implies that ftp-proxy proxies passive mode data connections as standard (unless -n is specified). Are we talking at cross purposes here? The FTP server has a real, routable IP address. No NAT involved. I don't see why I would need to do anything special. -roy
