Доступ к vsftpd через wan

Кажется, я не могу получить доступ к FTP через WAN, локальный работает отлично. Первоначальное соединение через WAN работает нормально, но сервер отклоняет пароли с ошибкой:

'Can't write to control socket. Socket error = #10053'
50000:50010v
vsf50000:5001050000:50010tpd.log isn't much help, only specifying the connect has been made
'Sun Sep 21 04:21:58 2014 [pid 27853] CONNECT: Client "192.168.1.1"'

Конфигурация

listen=YES
anonymous_enable=NO
#
# Allow local users to log in
local_enable=YES
#
write_enable=YES
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# If enabled, vsftpd will display directory listings with the time
# in  your  local  time  zone.
use_localtime=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES

# You may restrict local users to their home directories.  See the FAQ for
# the possible risks in this before using chroot_local_user or
# chroot_list_enable below.
chroot_local_user=YES
local_root= /home/$USER/backup/
user_sub_token=$USER
#
# This option should be the name of a directory which is empty.  Also, the
# directory should not be writable by the ftp user. This directory is used
# as a secure chroot() jail at times vsftpd does not require filesystem
# access.
secure_chroot_dir=/var/run/vsftpd/empty
#
# This string is the name of the PAM service vsftpd will use.
pam_service_name=vsftpd
#
# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections.
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
# This option specifies the location of the RSA key to use for SSL
# encrypted connections.
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key

ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH