Ftp – Client can not view FTP directory Windows FTP error 421

ftp

I am running a Windows FTP server on a 2003 machine. It is running in passive mode. I have set the passive ports to be 5500 – 5520.

On the firewall I have opened ports TCP 21 and 5500 – 5520.

The scope is set to everyone.

The problem I am having is that one of my clients cannot view the folders when the firewall is up. If I drop the firewall it works for her. I can, however, connect and see the files and folders (using the same login details, but from a different location).

Here are the logs when she tries to connect:

2010-06-28 14:10:12 84.201.189.58 gandgadmin MSFTPSVC1 NTDD2761 62.128.131.128 21 [186]USER gandgadmin - 331 0 0 0 0 FTP - - - -
2010-06-28 14:10:12 84.201.189.58 gandgadmin MSFTPSVC1 NTDD2761 62.128.131.128 21 [186]PASS - - 230 0 0 0 0 FTP - - - -
2010-06-28 14:12:36 84.201.189.58 gandgadmin MSFTPSVC1 NTDD2761 62.128.131.128 21 [185]closed - - 421 121 0 0 161438 FTP - - - -
2010-06-28 14:13:43 84.201.189.58 gandgadmin MSFTPSVC1 NTDD2761 62.128.131.128 21 [187]USER gandgadmin - 331 0 0 0 0 FTP - - - -
2010-06-28 14:13:43 84.201.189.58 gandgadmin MSFTPSVC1 NTDD2761 62.128.131.128 21 [187]PASS - - 230 0 0 0 0 FTP - - - -
2010-06-28 14:14:20 84.201.189.58 gandgadmin MSFTPSVC1 NTDD2761 62.128.131.128 21 [188]USER gandgadmin - 331 0 0 0 0 FTP - - - -
2010-06-28 14:14:20 84.201.189.58 gandgadmin MSFTPSVC1 NTDD2761 62.128.131.128 21 [188]PASS - - 230 0 0 0 0 FTP - - - -
2010-06-28 14:15:08 84.201.189.58 gandgadmin MSFTPSVC1 NTDD2761 62.128.131.128 21 [189]USER gandgadmin - 331 0 0 0 0 FTP - - - -
2010-06-28 14:15:08 84.201.189.58 gandgadmin MSFTPSVC1 NTDD2761 62.128.131.128 21 [189]PASS - - 230 0 0 0 0 FTP - - - -
2010-06-28 14:15:53 84.201.189.58 gandgadmin MSFTPSVC1 NTDD2761 62.128.131.128 21 [188]QUIT - - 226 0 0 0 0 FTP - - - -

2010-06-28 14:16:44 84.201.189.58 gandgadmin MSFTPSVC1 NTDD2761 62.128.131.128 21 [190]USER gandgadmin - 331 0 0 0 0 FTP - - - -
2010-06-28 14:16:44 84.201.189.58 gandgadmin MSFTPSVC1 NTDD2761 62.128.131.128 21 [190]PASS - - 230 0 0 0 0 FTP - - - -
2010-06-28 14:19:36 84.201.189.58 gandgadmin MSFTPSVC1 NTDD2761 62.128.131.128 21 [190]closed - - 421 121 0 0 171969 FTP - - - -

I have got her using FileZilla client and walked her through the details via the phone and had her tech guy look at it and all seems ok, (can not go to her office and remote assistance doesn't seem an option with their firewall etc).

It would seem she authenticates but cannot view the file structure.

Does anyone have an idea how to fix this without having to drop the firewall please?

EDIT 1

So, the firewall was not logging before and it took a while to get the user to retest it. Here are a few excerpts from the firewall on her IP:

2010-06-29 16:30:23 OPEN-INBOUND TCP 84.201.189.58 62.128.131.38 58515 80 - - - - - - - - -
2010-06-29 16:30:23 OPEN-INBOUND TCP 84.201.189.58 62.128.131.38 44671 80 - - - - - - - - -
2010-06-29 16:30:23 OPEN-INBOUND TCP 84.201.189.58 62.128.131.38 51013 80 - - - - - - - - -
2010-06-29 16:30:29 CLOSE TCP 62.128.131.38 84.201.189.58 80 54825 - - - - - - - - -
2010-06-29 16:30:34 CLOSE TCP 62.128.131.38 84.201.189.58 80 58515 - - - - - - - - -
2010-06-29 16:30:23 OPEN-INBOUND TCP 84.201.189.58 62.128.131.38 32930 80 - - - - - - - - -
2010-06-29 16:30:52 OPEN-INBOUND TCP 84.201.189.58 62.128.131.128 4049 21 - - - - - - - - -
2010-06-29 16:30:52 CLOSE TCP 84.201.189.58 62.128.131.22 4046 5001 - - - - - - - - -
2010-06-29 16:30:57 CLOSE TCP 84.201.189.58 62.128.131.128 4045 21 - - - - - - - - -
2010-06-29 16:30:57 CLOSE TCP 84.201.189.58 62.128.131.128 4047 21 - - - - - - - - -
2010-06-29 16:30:57 CLOSE TCP 84.201.189.58 62.128.131.128 4049 21 - - - - - - - - -
2010-06-29 16:30:57 CLOSE TCP 84.201.189.58 62.128.131.128 4051 21 - - - - - - - - -
2010-06-29 16:31:01 DROP TCP 84.201.189.58 62.128.131.22 4046 5001 40 FA 3083694181 3568639956 32768 - - - RECEIVE
2010-06-29 16:31:04 OPEN TCP 62.128.131.128 84.201.189.58 2739 4046 - - - - - - - - -
2010-06-29 16:31:24 CLOSE TCP 62.128.131.38 84.201.189.58 80 44671 - - - - - - - - -

If I am reading this correctly, (may not be), it would seem she is trying to connect on different ports than FTP is listening on and the firewall blocks.

EDIT 2

We think we have found the reason (awaiting the user to test): when the firewall is on, the FTP connection starts on ...128 but once authenticated switches to ...22. When the firewall is off it stays on the 128 IP. Not 100% sure why it is doing this, but it would seem to make sense. We have requested that they copy the firewall rules for 128 to 22 on their end and see if it works.

EDIT 3

We think we have figured out why it is changing the IP. The machine has multiple static IPs assigned to it. The default IP is the .22 IP. So I changed the FTP IP to that and it seems to stay on the same IP. Still waiting for the user to come back to me to confirm both changes (if it wasn't for the users this would be so much easier).

Thanks

Best Answer

The fact that she authenticates but cannot see data is clearly a "passive mode" issue (DATA transfer). Passive mode port range can be configured on the client side also, maybe it's using different ports.

Can you check in your firewall log for blocked connections from that IP?
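
One way to run the check the answer asks for, as an added example (not code from the question or the answer): this Python script reads firewall log lines in the layout shown in EDIT 1 and lists the client's connections that go to a different IP or port than the FTP rules cover. The port-80 exclusion and the function names are assumptions of this example.

```python
"""Flag firewall-log entries from one client that fall outside the passive-FTP rule set."""
FTP_IP = "62.128.131.128"                  # IP the client connects to for FTP (from the post)
CLIENT_IP = "84.201.189.58"                # client under investigation (from the post)
ALLOWED_PORTS = {21, *range(5500, 5521)}   # control port + passive range from the post
UNRELATED_PORTS = {80}                     # assumption: web traffic on the same host, not FTP

# Lines copied from the firewall excerpt in EDIT 1 of the question.
SAMPLE_LOG = """\
2010-06-29 16:30:23 OPEN-INBOUND TCP 84.201.189.58 62.128.131.38 58515 80 - - - - - - - - -
2010-06-29 16:30:52 OPEN-INBOUND TCP 84.201.189.58 62.128.131.128 4049 21 - - - - - - - - -
2010-06-29 16:30:52 CLOSE TCP 84.201.189.58 62.128.131.22 4046 5001 - - - - - - - - -
2010-06-29 16:30:57 CLOSE TCP 84.201.189.58 62.128.131.128 4049 21 - - - - - - - - -
2010-06-29 16:31:01 DROP TCP 84.201.189.58 62.128.131.22 4046 5001 40 FA 3083694181 3568639956 32768 - - - RECEIVE
2010-06-29 16:31:04 OPEN TCP 62.128.131.128 84.201.189.58 2739 4046 - - - - - - - - -
"""

def parse(line):
    """Split one log line into the fields used here; None for blanks, headers, non-TCP."""
    f = line.split()
    if len(f) < 8 or f[3] != "TCP" or not (f[6].isdigit() and f[7].isdigit()):
        return None
    return {"when": f"{f[0]} {f[1]}", "action": f[2], "src": f[4],
            "dst": f[5], "sport": int(f[6]), "dport": int(f[7])}

def mismatches(log_text):
    """Return client-originated entries that the FTP firewall rules would not cover."""
    found = []
    for line in log_text.splitlines():
        e = parse(line)
        if e is None or e["src"] != CLIENT_IP or e["dport"] in UNRELATED_PORTS:
            continue
        reasons = []
        if e["dst"] != FTP_IP:
            reasons.append("destination is not the FTP site IP")
        if e["dport"] not in ALLOWED_PORTS:
            reasons.append("port outside 21 and 5500-5520")
        if reasons:
            found.append({**e, "reasons": reasons})
    return found

if __name__ == "__main__":
    for m in mismatches(SAMPLE_LOG):
        print(m["when"], m["action"], f'{m["dst"]}:{m["dport"]}', "; ".join(m["reasons"]))
```

On the sample lines it reports the two entries addressed to 62.128.131.22, the same .22 address that EDIT 2 of the question arrives at.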