Sounds like active vs. passive firewall issues (e.g., you either need to switch your clients to match your firewall settings, or open your firewall further–ftp-data is definitely required, and you’ll need at least a rule for ESTABLISHED,RELATED connections on the high ports, though I always just open the high ports 1024:).
Not sure. Sounds like it could be configuration in ProFTPd, but it could also be that the file is owned by someone other than what ProFTPd is dropping privileges to when chrooting.
You’ll probably need to look in the secure.log or wherever it is that Mac OS X spits out login related errors (it’s /var/log/secure.log on Red Hat based systems, for example). Maybe ProFTPd will have to have logging cranked up.