How to change the FTP_PASSIVE_MODE?

perikillo perikillo at gmail.com
Thu Feb 17 23:25:14 GMT 2005


  Hi, I have been reading docs about the problem that a lot of people
have when we try to access an FTP server on the Internet, normally
the passive servers. In the past I was using rules on IPFILTER
(FreeBSD 4.10 p5; I think it is 3.4.31??, the one it comes with).
My rule was:

  To block everything that arrives on my tun0 (IN), and let out all the
packets of my internal clients over tun0 and keep state. It was easy:
only let my users go to the outside world. My ipnat was simple, only:

map tun0 198.168.1.0/24 -> 0/32

   With this, all my clients (Win2k, Win98, FreeBSD, Win XP) were happy
and secure.

   Then I decided to change my rules to be more defined. I read the
handbook and started making changes:

    Block in all over my tun0 and let out any packet over my tun0 only to:
port 21, 53, 80, 443, 5999, all the handbook says, services that I know
that normally when someone surfs the web he is going to connect to
those services.

   I changed my NAT:
   
   map tun0 198.168.1.0//24 -> proxy port 21 ftp/tcp
   map tun0 192.168.1.0/24 -> 0/32 portmap tcp/udp 20000:60000
   map tun0 192.168.1.0/24 -> 0/32


   It is OK, I can surf the web, but when I went to the FreeBSD server,
what happened:

   ftp: ls
           entering passive mode(bla, bla, bla) 
   ftp: connect no route to host

    Then I started searching the web about this issue and found a lot of
docs; this one says it all:

http://www.unixcities.com/firewall-configuration/

    A lot of sites, here too, say that we can use the passive argument
when we call the ftp client on FreeBSD; I need to check this! And
they recommend setting up this global variable:
FTP_PASSIVE_MODE=yes. Then we can make changes in login.conf, but that
file is the one that FreeBSD uses when we create new users. That is OK,
but what about root??? How can I change this environment variable
only once???

  Thanks in advance!!!


More information about the freebsd-questions mailing list