At some point, Canonical, the folks behind the Ubuntu Linux distribution that we use on most of our servers, opted to move where firewalld looks for iptables, iptables-restore, ip6tables, and ip6tables-restore from /sbin to /usr/sbin but neglected to move the actual commands there, thus causing firewalld to fail upon startup.  And rather than no firewall being started it seemed to result in random ports being blocked.

     This condition broke the ftp server ftp.eskimo.com so that it would not function in active mode and sometimes not even in passive mode.  This has been repaired.

     If you are sitting behind NAT on a personal home router and do not have a static IP, you still may need to use passive mode but at least that will work now.

     I also want to remind people that IF you have a public incoming or uploads directory, the mode must NOT offer public read permissions or it will not work.  Our ftp daemon will not allow the use of mode 777 directories since this is used and abused to distribute viruses, pirated software, child porn, and other nefarious content.  Instead these directories should be mode 733, chmod 733 incoming.