In above letter I had a mistake. I didpass in on $int_if inet proto tcp from <tlv_lan> to port ftp divert-to 127.0.0.1 port 8021
and in same time allow { ftp, > 49151 } for internal host on which I tested connection to remote ftp. I deleted that ports and now internal client can connect to external ftp servers with active and passive mode. Connection to internal ftp also work.
pass in on $int_if inet proto tcp from <twikimail> to any port { smtp, submission, www, https, ftp, >49151 }
