Edit :
After reading the
difference between active and passive, I think the port 20 was needed by yourself as a client, not as a server, because you couldn't accept incoming data connection from the server on port 20.
The active or passive mode is initiated by the client.
Active :
client:1024 > connect > server:21
server:21 > ask connection method > client:1024
client:1024 > ACT > server:21
server20 > send data > client:20,
client has to accept incoming connection on server_port-1
(You opened port-1, as a client you could connect to your server, but other client will have to do the same)
Advantage : you open only port 21 (and maybe port-1)
Disadvantage : client must open server_port-1 too.
Passive :
client:1024 > connect > server:21
server:21 > ask connection method > client:1024
client:1024 > PASV > server:21
server:21 > please use port 1254 > client:1024
client:1025(port+1) > connect > server:1254,
server has to accept incoming connection on port 1254
Advantage : clients won't have to open any port.
Disadvantage : server has to define acceptable ports ranges for incoming connections (open them in the router). the range should be configurable in your ftp server.
If you want many users to use your ftp, you should allow passive mode, and set a range of accepted ports.
else, you will have to tell users to open 5677. (it can be a protection though, but I think hackers know that they have to open port-1)
Here is a tutorial to set passive mode on IIS :
http://www.velikan.net/iis-passive-ftp/