>>1
first, do not use windows built ftp or iis ftp or whatever if that is what you are doing. get filezilla server
second, it is possible your isp is blocking traffic on the standard ftp port, so change server port to something like 57344 or something. you should also change from standard ftp port to avoid attacks.
third, normal (active) ftp requires two ports, this will be the server port and the one below it. in the above example, you will have to allow incoming connections on 57344 and 57343.
fourth, you should also allow passive ftp, which requires you set passive ftp port range (in filezilla server under Firewall options or something like that). the number of ports in this range should match the number of simultaneous connections you expect to handle at once. good range is 57345-57355 to handle 10 connections at once.
fifth, block all china ips. combining this with third step will take care of 80% of your security issues.