Iptables + PASV
Can anyone possibly explain why the following setup would cause ProFTPD to reject all relevant packets (for instance, when a user does a LIST command they can't build a data socket)? I thought the conntrack and/or state matching took care of this?
FTPD: ProFTPD
Firewall Ruleset:
/sbin/modprobe ip_conntrack_ftp ports=21,2000   # FTP helper tracks control sessions on ports 21 and 2000
/sbin/modprobe ip_nat_ftp ports=21,2000         # NAT helper for the same control ports
iptables -P INPUT DROP                          # default policy; DROP is the iptables name (DENY was ipchains)
iptables -A INPUT -p tcp --dport 2000 -j ACCEPT # Daemon port
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # PASV data connections expected by the helper match RELATED
iptables -A INPUT -p tcp -j LOG --log-prefix "Netfilter(tcp): " # log whatever falls through before the DROP policy
Here are the errors:
Nov 30 13:55:44 ns kernel: Netfilter(tcp): IN=ppp0 OUT= MAC= SRC=<omitted> DST=<omitted> LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=61309 DF PROTO=TCP SPT=22424 DPT=37694 WINDOW=64952 RES=0x00 ACK URGP=0
Nov 30 13:55:44 ns kernel: Netfilter(tcp): IN=ppp0 OUT= MAC= SRC=<omitted> DST=<omitted> LEN=1312 TOS=0x00 PREC=0x00 TTL=112 ID=61310 DF PROTO=TCP SPT=22424 DPT=37694 WINDOW=64952 RES=0x00 ACK PSH URGP=0
Nov 30 13:55:44 ns kernel: Netfilter(tcp): IN=ppp0 OUT= MAC= SRC=<omitted> DST=<omitted> LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=61311 DF PROTO=TCP SPT=22424 DPT=37694 WINDOW=64952 RES=0x00 ACK URGP=0
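Added example (not from the original post): a POSIX shell helper that parses the Netfilter LOG lines above and classifies each dropped packet by its TCP flags, so you can tell whether the FTP helper never created the RELATED expectation for the PASV port (a dropped SYN) or whether the data connection was accepted and then lost by conntrack afterwards (dropped ACK/PSH with no SYN, as in the three lines shown). The fourth log line in the sample is constructed for illustration and is not from the post.

```shell
#!/bin/sh
# Added example, not from the original post: classify netfilter LOG lines
# produced by the ruleset above. A dropped SYN means the FTP helper never
# created the RELATED expectation for the PASV data port; a dropped ACK/PSH
# with no SYN means the handshake was accepted and the conntrack entry was
# lost (or never matched) afterwards. Different problems, different fixes.

# The three lines from the post, plus one CONSTRUCTED SYN line (not from the
# post) so both classes appear in the output.
SAMPLE_LOG='Nov 30 13:55:44 ns kernel: Netfilter(tcp): IN=ppp0 OUT= MAC= SRC=<omitted> DST=<omitted> LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=61309 DF PROTO=TCP SPT=22424 DPT=37694 WINDOW=64952 RES=0x00 ACK URGP=0
Nov 30 13:55:44 ns kernel: Netfilter(tcp): IN=ppp0 OUT= MAC= SRC=<omitted> DST=<omitted> LEN=1312 TOS=0x00 PREC=0x00 TTL=112 ID=61310 DF PROTO=TCP SPT=22424 DPT=37694 WINDOW=64952 RES=0x00 ACK PSH URGP=0
Nov 30 13:55:44 ns kernel: Netfilter(tcp): IN=ppp0 OUT= MAC= SRC=<omitted> DST=<omitted> LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=61311 DF PROTO=TCP SPT=22424 DPT=37694 WINDOW=64952 RES=0x00 ACK URGP=0
Nov 30 13:56:02 ns kernel: Netfilter(tcp): IN=ppp0 OUT= MAC= SRC=<omitted> DST=<omitted> LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=61400 DF PROTO=TCP SPT=22500 DPT=37800 WINDOW=65535 RES=0x00 SYN URGP=0'

# classify_line LINE -> prints "<DPT> <class>"
classify_line() {
    printf '%s\n' "$1" | awk '{
        syn = 0; ack = 0; dpt = "?"
        for (i = 1; i <= NF; i++) {
            if ($i == "SYN") syn = 1
            else if ($i == "ACK") ack = 1
            else if ($i ~ /^DPT=/) dpt = substr($i, 5)
        }
        if (syn && !ack) cls = "new-connection"   # helper expectation missing
        else if (syn && ack) cls = "syn-ack"
        else if (ack) cls = "mid-stream"          # entry lost after handshake
        else cls = "other"
        print dpt, cls
    }'
}

# summarize_drops LOG_TEXT -> one "<class> <count>" line per class, sorted
summarize_drops() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        [ -n "$line" ] && classify_line "$line"
    done | awk '{ n[$2]++ } END { for (c in n) print c, n[c] }' | sort
}

summarize_drops "$SAMPLE_LOG"
```

Run it against `dmesg` or syslog output filtered on the "Netfilter(tcp):" prefix; if every dropped packet for the PASV port is mid-stream, the helper did its job and the problem lies with the tracked entry, not with the expectation.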