Since this post is not so ancient, I wanted to share my findings with setting up an FTP server for external access (over the internet) through a Time Capsule (FW:7.6.4 Latest at the time of this post).
I struggled with this for several hours. First, I had to get all the right ports in place. I ended up setting up 20,21,22,989,990 and the port range that my NAS device uses (55536-55663). I chose to leave it on the default values for this device which is a D-link DNS-323. These devices are probably incorrectly faulted for poor FTP server capabilities, just as I suspect that AE's and TC's are also likely incorrectly faulted, as WELL as ARRISS routers which i have a 1670 with TWC as the ISP. And when i say "faulted", i'm referring to this scenario in particular. There's a lot of complexity with so many pieces involved, which i think is then compounded by FTP clients' automatic behaviors.
At any rate, after establishing the basic ports matched (not changing the private ports and public ports to other values), I could successfully connect to the FTP server via the DDNS address, BUT this was from within my network, so not actually testing from the outside yet. So at that point, I assumed that it was working fine. Once it was actually tested from somewhere else, it was not working at all. I fooled with several web browsers and an FTP client (FileZilla). I was seeing all sorts of odd behavior from each of these deals. Firefox on a mac sometimes works (from within or outside). Safari works fine, but i'm only testing this internally. IE and Firefox on PC works internally, but neither externally. FileZilla works fine internally, but attempts TLS connection externally and never works. I struggled with this for many many hours (adjusting settings/preferences in FileZilla), and in the end what i found that got something working was configuring an entry in "site manager" inside FileZilla, and forcing it to use "Plain FTP", and "Passive". Without doing this (just using the quick connect method) FileZilla likes to try all sorts of methods of connection, even when you're setting preferences that suggest otherwise. It was getting stuck trying to go the TLS route. This would eventually time out. After creating the entry for the FTP server in the site manager area and then using that to connect.. BAM!! IT JUST WORKED! Which is of course, what any of us are looking for initially at least! Now, beyond this.. trying to get it to be more secure and what not, i haven't gone there yet. I think this is at least "good enough" for some folks, and at least a starting point of "hey this actually does sort of work". It also reveals that a great deal of the frustration is the behaviors of various browsers negotiating the FTP connection automatically. This reminds me of "Auto Negotiate" for link speed on network hardware. Sometimes manual is the only way to go! Anyway, I hope this might come of use to some folks out there. Good luck!