Arch Linux - iptables and passive ftp

I am having a lot of trouble getting passive ftp working nicely with iptables. Before anyone replies, I am not looking for an alternative to ftp. I know of alternatives, but I require ftp.

These are my firewall rules.

iptables -N TCP
iptables -N UDP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -P INPUT DROP
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
iptables -A INPUT -p icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT
iptables -A INPUT -p udp -m conntrack --ctstate NEW -j UDP
iptables -A INPUT -p tcp --syn -m conntrack --ctstate NEW -j TCP
iptables -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
iptables -A INPUT -p tcp -j REJECT --reject-with tcp-rst
iptables -A INPUT -j REJECT --reject-with icmp-proto-unreachable
iptables -A TCP -p tcp --dport 41144 -j ACCEPT
iptables -A TCP -p tcp --dport 443 -j ACCEPT
iptables -A TCP -p tcp --dport 80 -j ACCEPT
iptables -A TCP -p tcp --dport 25 -j ACCEPT
iptables -A TCP -p tcp --dport 22 -j ACCEPT
iptables -A TCP -p tcp --dport 21 -j ACCEPT
iptables -A UDP -p udp --dport 443 -j ACCEPT
iptables -A UDP -p udp --dport 80 -j ACCEPT

I have verified via /proc/config.gz that the modules needed are loaded. Such as nfconntrackftp.

With iptables turned off, ftp works without problems. With iptables turned on, ftp passive mode does not work.

I created a conf file in /etc/modprobe.d/ called ipconntrackftp.conf and added the following:

options nf_conntrack_ftp ports=21
options nf_nat_ftp ports=21
options ip_conntrack_ftp ports=21
options ip_nat_ftp ports=21

Nothing seems get passive port working. I can see the ftp port connection listening with "netstat -tapn" when my ftp client initiates a PASV connection. But it just hangs.

I would like to get this working without having to open the full range of PASV ports. Any suggestions would be appreciated.