I install ioFTPD on the computer which is the NAT with two netcard.
one net card's ip is external IP(202.X.X.X), the other's ip is 192.168.1.1 as the gateway of my lan.
in ioFTPD.ini, I have set the host is "host = 0.0.0.0"
and in the Hosts.Rules I only have the next 5 line:

POLICY ACCEPT 1
CLASS NORDIC 25
CLASS ADMIN -1
DENY I 10. "Banned network address"
DENY H .jp "Access from Japan is prohibited"

now ioFTPD works well in my lan, I can login on ip 192.168.1.?
either to connect 192.168.1.1 or to connect external ip (202.X.X.X).
It both ok. but other external ip 202.Y.Y.Y (not 192.168.1.?) can not
connect to 202.X.X.X, why

I have check the listening list with "netstat -ano", it HAS the listening port on 0.0.0.0:2021 (2021 is my ftp port).

I don't know why it works on lan, but can't be conncet by internet?

What do u get when you can't connect (FlashFXP log would do) ?

it just show "Connection failed"

and later I add a line in Hosts.rules:
"ACCEPT I 202.X.X.X ADMIN -1"
here 202.X.X.X is my external IP of my FTP,
when this other external IP (202.Y.Y.Y) connect my FTP and show:
"Out of time"!

Are you connected to the net via a router? If so forward ports as per the article in the kb.
Are you connected by Windows ICS? If so then you're pretty screwed unless you change it so your box is the one with direct access.
If you have ip granted access in the userfile and hosts.rules (which POLICY ACCEPT 1 should do) then it sounds like a routing issue.

thanks all!
I have found the reason.
my OS is windows 2003
In computer's "Routing and Remote Access", the netcard which is conncet to internet have a basic firewall, and the default option in it is "forbid FTP connect",so it can't be conncet by internet, but can done by intranet.
thanks all again!