Firehol and vsFTPd
Here is my firehol.conf:
version 5
FIREHOL_LOG_LEVEL=4
interface eth0 internet
protection strong
server "http ftp smtp http imap ping time ssh" accept
server custom ssh tcp/6187 default accept
server ident reject with tcp-reset
server any nolog drop
client "ftp http https dhcp dns smtp time ping whois" accept
server_dhcpclient_ports="udp/67"
client_dhcpclient_ports="default"
It works when I add "server all accept", but without accepting all the server connections, it hangs when setting the passive connection to get the dirlist:
> Response: 200 Switching to ASCII mode.
> Command: PASV
> Response: 227 Entering Passive Mode (70,85,129,231,178,79)
> Command: LIST -a
> Error: Timeout detected!
> Error: Could not retrieve directory listing
Some vsftpd settings:
listen=YES
connect_from_port_20=YES
ssl_enable=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
(So I want passive sftp)
I know that port 20 (ftp-data), 21 and a lot of high-number ports need to be free.
But when I open port 20 with "server custom ftp-data tcp/21 default accept" it still doesn't work.
On the official firehol website I only found this:
> Server Ports many
> Client Ports many
> Note: The FTP service matches both active and passive FTP connections by utilizing the FTP connection tracker kernel module.
I'm running Debian Small Unstable.
Could someone give me a hint what to do?
Thanks in advance!
1 Reply
vsFTPd
pasv_min_port=6000
pasv_max_port=6100
Firehol
server custom ftprange "tcp/6000:6100" default accept
I should have known that earlier.
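Added example, not from either post: a small POSIX sh helper that reads pasv_min_port/pasv_max_port out of a vsftpd.conf and emits the matching firehol "server custom" line, refusing to produce a rule if the range is missing, inverted or below 1024 (in which case the firewall would have to be opened far wider than the reply's 6000:6100 window). Function names, the service name "ftppasv" and the sample config are assumptions; with ssl_enable=YES the FTP connection tracker cannot read the PASV reply inside TLS, so the fixed range is all the firewall has to go on.

```sh
#!/bin/sh
# Added example (not code from the original thread): derive the firehol rule for
# vsftpd's passive-mode range from vsftpd.conf, so the firewall opens only that
# window instead of "server all accept". Names below are assumptions.

# Read a numeric key from a vsftpd.conf-style file (key=value; other lines ignored).
vsftpd_get() {
    # $1 = config file, $2 = key
    sed -n "s/^[[:space:]]*$2=\([0-9]*\)[[:space:]]*$/\1/p" "$1" | tail -n 1
}

# Print the firehol "server custom" line matching the configured passive range.
# Returns non-zero if the range is unset, inverted, or dips into privileged ports.
firehol_pasv_rule() {
    conf="$1"
    min=$(vsftpd_get "$conf" pasv_min_port)
    max=$(vsftpd_get "$conf" pasv_max_port)
    [ -n "$min" ] && [ -n "$max" ] || {
        echo "pasv_min_port/pasv_max_port not set: vsftpd would pick any high port" >&2
        return 1
    }
    [ "$min" -le "$max" ] || { echo "inverted passive range $min:$max" >&2; return 1; }
    [ "$min" -gt 1023 ] || { echo "passive range must stay above port 1023" >&2; return 1; }
    printf 'server custom ftppasv "tcp/%s:%s" default accept\n' "$min" "$max"
}

# Constructed sample config mirroring the settings discussed in the thread.
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
listen=YES
connect_from_port_20=YES
ssl_enable=YES
pasv_min_port=6000
pasv_max_port=6100
EOF

firehol_pasv_rule "$SAMPLE_CONF"
```

The printed line is what belongs in firehol.conf next to the existing "server ... accept" rules; the two bounds must match vsftpd.conf exactly or listings will time out again.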