FTP PORT command sends the wrong IP address for data channel over VPN

Discussion in 'Cisco' started by steve.wadlow, May 3, 2005.

  1. steve.wadlow

    steve.wadlow Guest

    I hope this is the correct newsgroup for this item. Please let me know
    if this should be posted elsewhere.

    We have noticed that when using FTP over a VPN, PDAs send the wrong IP
    address for the data channel.

    We are using an ISP to connect to the internet, at which point the ISP
    provides a public IP address. We then connect to an internal VPN and
    receive a private IP address. At this point I believe the client device
    would be aware of both IP addresses.

    When using simple FTP client applications (CedeFTP, etc.) to connect to
    an FTP server inside the VPN, the PDA supplies the correct IP address
    (VPN private address) and successfully establishes a connection to the
    server. However, when the FTP client issues commands that require a
    data port, the PDA sends the ISP public IP address in the PORT command.
    The server identifies a change in the IP address and disallows the
    connection for the data channel.

    Currently we are testing with only active mode. We have not focused our
    efforts on passive mode, as I believe that requires the opening of all
    ports greater than 1024. Additionally, we have an application which
    currently uses only active mode. Though we could change the application
    to use either mode, we would still have the issue of opening the
    additional ports.

    Currently we are testing with the following:
    * iPAQ 4700
    * Movian VPN Client (end of life occurred Nov of last year)
    * CedeFtp and ScottyFtp

    We would greatly appreciate any advice on this issue.
    steve.wadlow, May 3, 2005
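
The server-side behaviour described in the post above, as an added example that is not part of the original thread: it decodes the RFC 959 PORT argument (`h1,h2,h3,h4,p1,p2`) and compares the advertised address with the control connection's peer address. The function names, reply detail strings and all addresses are assumptions constructed for illustration (10.8.0.25 stands in for the VPN address, 203.0.113.40 for the ISP address).

```python
import ipaddress

def parse_port_argument(arg):
    """Decode the RFC 959 PORT argument 'h1,h2,h3,h4,p1,p2' into (ip, port)."""
    fields = arg.strip().split(",")
    if len(fields) != 6 or not all(f.isdigit() for f in fields):
        raise ValueError("PORT needs six decimal fields")
    nums = [int(f) for f in fields]
    if any(n > 255 for n in nums):
        raise ValueError("PORT field out of range 0-255")
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    port = nums[4] * 256 + nums[5]  # high byte first, then low byte
    return ip, port

def check_port_command(line, control_peer_ip):
    """Return (reply_code, detail) as a server that pins the data address
    to the control connection's peer would. Detail text is hypothetical."""
    verb, _, arg = line.strip().partition(" ")
    if verb.upper() != "PORT":
        return 500, "not a PORT command"
    try:
        ip, port = parse_port_argument(arg)
    except ValueError as exc:
        return 501, str(exc)
    peer = ipaddress.IPv4Address(control_peer_ip)
    if ip != peer:
        # The case in the post: control channel arrives from the VPN
        # address, but the client advertises its ISP address.
        return 500, f"PORT address {ip} differs from control peer {peer}"
    return 200, f"data connection to {ip}:{port}"

# Constructed sample input: the control connection comes from the VPN address.
VPN_ADDR = "10.8.0.25"
SAMPLES = [
    "PORT 10,8,0,25,4,210",     # matches the control peer
    "PORT 203,0,113,40,4,210",  # ISP address, as the PDA sends it
    "PORT 10,8,0,25,4",         # malformed: only five fields
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_port_command(sample, VPN_ADDR))
```

Running the same decode over a packet capture of the control channel shows which address the client placed in PORT, which separates a client or VPN-adapter binding problem from a server-side rejection.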
