You need to enable connection tracking. I use Red Hat as a firewall also. There is a great set of scripts that handles all of this type of stuff and some Denial of Service stuff.
http://muse.linuxmafia.org/gshield/
If that is not to your liking, make sure that you load the ftp_conntract_ftp module and do stateful packet inspection.
I don't think gshield gets enough press. It has got some good stuff.
Crap. qwijibow beat me to the punch.