Yes, if you define
pasv_min_port=15000
pasv_min_port=15000
You have to forward the port 15000 in your router
if
pasv_min_port=42563
pasv_min_port=42563
You have to forward the port 42563 in your router,aso...
or other exemple you can define a range
pasv_min_port=15000
pasv_min_port=15005
You have to forward the port 15000 to 15005 in your router
The only thing important is that the port number must be > 1024
To resume, ssl connection is done with the "passive" port of a normal connection
Remarque:
If you define only one port like I have done, you will be able to connect several client at the same time thrue this single port, no need to open one port per client!
So now my client connect to mydomain:21 and ssl encryption is done thrue 15000 port
My router forward port 21/15000 to my server 192.168.1.254
I use also webdrive for the connection that work great!!!
Webdrive
http://www.southrivertech.com/images/wd/mapdesktop.gif