The common way to allow outsider/internet users to access your FTP server is via this method:
1. Map your internal FTP Server to a dedicated Public IP Address to enable internet users to access your FTP server.
You can either use dedicated public IP (preferred), or use PIX Outside interface IP with port re-direction.
2. Configure/add access-list (ACL) on the PIX Outside interface allowing any or specific external IP to access to your FTP server via its Public IP. T
Internal FTP Server IP: 10.10.10.10
Public IP: 192.168.100.10
a. Mapping internal FTP Server on Inside segment (same if it's in DMZ)
static (inside, outside) 192.168.100.10 10.10.10.10 netmask 255.255.255.255
b. Create/add ACL & bind to Outside interface
access-list outside-access_in permit icmp any host 192.168.100.10 --> allow PING to test FTPsvr reachability. Remove after the test.
access-list outside-access_in permit tcp any host 192.168.100.10 eq 21
access-list outside-access_in deny ip any any
access-group outside-access_in in interface outside--> bind ACL to Outside interface
* Make sure your PIX set the default route correctly to the Internet router
The return traffic back to clients normally has no issue with PIX as it'll keep the connection/session status in its state table.
You can test the reachability/connectivity between client and server using the above ping (ICMP) test.
PIX's doc on allowing inbound connection: