It's been a while since I set one up, but here's the gist of it. You'll want to ensure the rules are present before the -j REJECT typically found at the end of the INPUT chain. For FTP as you describe, I believe you'll need 20 & 21, ESTABLISHED & RELATED, and the nf_conntrack_ftp module. You may have some combination of this already satisfied. The good news is we at least know it is firewall related, since you can disable netfilter rules and it works.
iptables -A INPUT -m tcp -p tcp -m multiport --dports 20,21 -m state --state NEW -j ACCEPT -m comment --comment " FTP Server "
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
If that works, you can add nf_conntrack_ftp to /etc/sysconfig/iptables-config in the IPTABLES_MODULES="" variable, so it is loaded when iptables/netfilter rules are applied.
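
A way to check the two conditions the answer above depends on (accept rules ahead of the catch-all REJECT, and nf_conntrack_ftp listed in IPTABLES_MODULES), as an added example that is not part of the original post. The rulesets and config line are constructed samples in the style of `iptables -S INPUT` output, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Rulesets mimic `iptables -S INPUT` output and are constructed.
GOOD_RULES='-P INPUT ACCEPT
-A INPUT -p tcp -m multiport --dports 20,21 -m state --state NEW -m comment --comment " FTP Server " -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# Same rules appended with -A after an existing catch-all REJECT.
BAD_RULES='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m multiport --dports 20,21 -m state --state NEW -m comment --comment " FTP Server " -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'

# Constructed line in the style of /etc/sysconfig/iptables-config.
GOOD_CONFIG='IPTABLES_MODULES="nf_conntrack_ftp"'

# first_line REGEX: position (1-based) of the first INPUT rule read from
# stdin that matches REGEX, or 0 when no rule matches.
first_line() {
    awk -v pat="$1" '/^-A INPUT/ { n++; if ($0 ~ pat) { print n; hit = 1; exit } }
                     END { if (!hit) print 0 }'
}

# check_order RULES: 0 = both accepts precede the catch-all REJECT,
# 1 = an accept sits after the REJECT, 2 = an accept rule is missing.
check_order() {
    ftp=$(printf '%s\n' "$1" | first_line '--dports 20,21 .*-j ACCEPT')
    est=$(printf '%s\n' "$1" | first_line '--state (RELATED,ESTABLISHED|ESTABLISHED,RELATED) .*-j ACCEPT')
    rej=$(printf '%s\n' "$1" | first_line '^-A INPUT -j REJECT')
    [ "$ftp" -gt 0 ] && [ "$est" -gt 0 ] || return 2
    [ "$rej" -eq 0 ] && return 0
    [ "$ftp" -lt "$rej" ] && [ "$est" -lt "$rej" ] || return 1
    return 0
}

# has_ftp_helper CONFIG: succeeds when IPTABLES_MODULES lists nf_conntrack_ftp.
has_ftp_helper() {
    printf '%s\n' "$1" | grep -Eq '^IPTABLES_MODULES="([^"]* )?nf_conntrack_ftp( [^"]*)?"'
}

report() {
    if check_order "$2"; then echo "$1: order ok"; else echo "$1: problem (exit $?)"; fi
}
report GOOD_RULES "$GOOD_RULES"
report BAD_RULES "$BAD_RULES"
has_ftp_helper "$GOOD_CONFIG" && echo "helper module listed"
```

On a live host, pass the output of `iptables -S INPUT` to check_order in place of the sample strings.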