i know this has been asked many times before, but nothing seems to resolve my issue.

i have vsftpd running on ubuntu 10.04. i can connect with ftp localhost on the machine. i can connect from another machine in my network. i just cannot connect from outside. the machine is behind an airport extreme managed by airport utility on a mac.

21 is open as per nmap:

macmini:~$ nmap localhost

Starting Nmap 5.21 ( http://nmap.org ) at 2011-04-10 23:49 EDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00045s latency).
Hostname localhost resolves to 2 IPs. Only scanned 127.0.0.1
rDNS record for 127.0.0.1: localhost.localdomain
Not shown: 997 closed ports
PORT    STATE SERVICE
21/tcp  open  ftp
22/tcp  open  ssh
631/tcp open  ipp

netstat says 21 is listening:

macmini:~$ netstat -lep --tcp | grep ftp
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp        0      0 *:ftp                   *:*                     LISTEN

iptables:

macmini:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

when i try to connect from my external IP (or a dyndns name which resolves there) it times out. ("control connection timed out")

as i know very little about networking, i feel like something may jump out as clearly wrong?