My experience is the kernel FTP helper is hit or miss; it is best to have an explicit passive ports rule.
And it's always been that way, which is why I've never relied on them and was a little sad when Untangle decided to include one. It's always more stable to configure a given Internet-exposed service to manage the realities of NAT itself than it is to try and get the router to juggle all of that. But, not every service plays nice, so we all end up doing everything just so we have the right tools for every job.
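
An added example, not part of either post and not Untangle's own configuration: a sketch of the "explicit passive ports rule" approach, assuming a vsftpd server behind a Linux router doing NAT with iptables. The function name, interface, addresses and port range are constructed placeholders; the function only prints the settings for review and applies nothing.

```shell
#!/bin/sh
# Added example: print (do not apply) matching server and router settings for
# a fixed FTP passive range, so no connection-tracking FTP helper is needed.
# usage: passive_ftp_rules WAN_IF SERVER_IP PUBLIC_IP PASV_MIN PASV_MAX
passive_ftp_rules() {
    wan_if=$1 server_ip=$2 public_ip=$3 pasv_min=$4 pasv_max=$5

    # Each port must be 1 to 5 decimal digits.
    for p in "$pasv_min" "$pasv_max"; do
        case "$p" in
            ''|*[!0-9]*|??????*) echo "ports must be numeric" >&2; return 1 ;;
        esac
    done
    # Keep the range unprivileged, valid and correctly ordered.
    if [ "$pasv_min" -lt 1024 ] || [ "$pasv_max" -gt 65535 ] ||
       [ "$pasv_min" -gt "$pasv_max" ]; then
        echo "need 1024 <= min <= max <= 65535" >&2
        return 1
    fi

    cat <<EOF
# vsftpd.conf on the FTP server: pin the passive range and the address
# advertised in PASV replies, so the router never has to rewrite them.
pasv_enable=YES
pasv_min_port=$pasv_min
pasv_max_port=$pasv_max
pasv_address=$public_ip

# NAT router: forward the control port and the same passive range.
iptables -t nat -A PREROUTING -i $wan_if -p tcp --dport 21 -j DNAT --to-destination $server_ip
iptables -t nat -A PREROUTING -i $wan_if -p tcp --dport $pasv_min:$pasv_max -j DNAT --to-destination $server_ip
iptables -A FORWARD -i $wan_if -d $server_ip -p tcp -m multiport --dports 21,$pasv_min:$pasv_max -j ACCEPT
EOF
}

# Constructed sample values (documentation address ranges, arbitrary port range).
passive_ftp_rules eth0 192.0.2.10 203.0.113.5 50000 50100
```

Keep the range only as wide as the expected number of concurrent transfers, since every forwarded port is reachable from the Internet whether or not a transfer is in progress.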