One more thing; I found the relevant FAQ entry here:
Unless I am missing something the instructions in this FAQ appear to be incomplete. The setup described in the FAQ would not, in fact, allow an FTP connection through an SSH tunnel set up by PuTTY, as they neglect to take care of setting up the second FTP data connection through the tunnel.
There are two options. One would be to set it up in active mode, requiring the client to accept incoming connections on some data port, which would require connections to the pass-through server from the FTP server to be forwarded back through the tunnel to the client (I do not know how to configure this in PuTTY, I don't even know if this is possible -- I am not an SSH tunneling expert). To support this option, however, you have to be able to tell WinSCP to always use a specified port/range of ports for accepting active mode data connections. The other is to set it up in passive mode, which requires a second outgoing port forward to be set up through the tunnel, and the ability to ignore the server's passive mode IP (which is the missing piece in my puzzle). The ability to also override the passive mode port is not necessary as long as you set up port forwarding to use the same local port number that the remote FTP server is using for passive connections.
In both cases, passive and active, WinSCP is either lacking the necessary options or I just can't find them to support connections over SSH tunnels created by external tools (for active, ability to specify active listen port, for passive, ability to override passive connection IP). The FAQ and other online documentation does not cover either of these, and without them I'm curious as to how anybody has ever gotten WinSCP working this way.