How to make TLS work properly in VSFTPD?
Greetings, just now there was a need for FTP storage accessible from the Internet. It was decided to set all of this up on Ubuntu 18.04 using VSFTPD. By setting the parameters in the configuration file, granting permissions to users, and opening ports on the router and on Ubuntu (20 to 22), I managed to get the proper result. Users connected from Windows using FileZilla and Explorer and could do whatever they wanted. However! Because the server needs protection, a TLS key was created and the appropriate modes were enabled in the configuration file. After applying the settings and checking the status, it turned out that everything works together, but when connecting from Windows, it accepts the certificate but gives the error "500 Illegal port". Accordingly, a question arises: how to fix this misunderstanding?
VSFTPD configuration file:
listen=YES
listen_ipv6=NO
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
idle_session_timeout=600
=1
data_connection_chalroot =YES
allow_writeable_chroot=YES
secure_chroot_dir=/var/run/vsftpd/empty
----------------------------------------------------------------------------------------------
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=YES
Here is an example of settings, but you do not have pasv_enable=Yes, pasv_min_port=10000, pasv_max_port=11000, and the iptables settings also need ports 10000-11000 open, as in the example, for a passive connection.
(FTP can work both in active mode and in passive mode. In active mode, the client makes the control connection to the server, and the server makes the data connection to the client. In passive mode, the client itself makes both the control connection and the data connection.
The control connection is used for authentication and command transmission. The control connection is made by the client in both cases in the same way, from a dynamic TCP port 1024-65535 on the client side to server port 21.
In active mode, after the client's control connection, the FTP server connects from its TCP port 20 to the client's dynamic port 1024-65535 for data transfer.
In passive mode, after the client's control connection, the FTP server tells the client the dynamic TCP port number 1024-65535 to which the client can connect for data transfer.)
listen=NO
listen_ipv6=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
pasv_enable=Yes
pasv_min_port=10000
pasv_max_port=11000
user_sub_token=$USER
local_root=/home/$USER/ftp
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
and in iptables
sudo service ufw status
If it's running and you are going to leave it running, you must allow incoming traffic to the FTP ports (20, 21 for active connections and
10000-10100 for passive ones). To do so you can run:
sudo ufw allow from any to any port 20,21,10000:11000 proto tcp
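As an added checker (not from the question or the answer above): a Python script that parses a vsftpd.conf, reports whether the passive data-port range is pinned, derives the matching ufw rule, and verifies that a server's 227 PASV reply announces a port inside that range. The sample configs are constructed from the settings shown on this page; the vsftpd defaults it relies on (pasv_enable=YES, pasv_min_port and pasv_max_port 0 meaning any port) are from the vsftpd.conf man page.

```python
import re

# Constructed sample: the asker's TLS settings with no passive port range.
CONF_NO_RANGE = "listen=YES\nconnect_from_port_20=YES\nssl_enable=YES\nforce_local_data_ssl=YES\n"
# Constructed sample: the same config with the answer's passive range added.
CONF_WITH_RANGE = CONF_NO_RANGE + "pasv_enable=Yes\npasv_min_port=10000\npasv_max_port=11000\n"

def parse_vsftpd_conf(text):
    """Parse key=value lines of a vsftpd.conf; comments and blank lines are skipped."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def is_yes(value):
    # vsftpd accepts YES/TRUE/1 case-insensitively, so "pasv_enable=Yes" is fine.
    return value.upper() in ("YES", "TRUE", "1")

def passive_range(conf):
    """(min, max) of the PASV data-port range, or None when passive mode is off or the
    range is unbounded (defaults: pasv_enable=YES, pasv_min_port=pasv_max_port=0 = any port).
    An unbounded range cannot be matched by a firewall rule, which is the trap here."""
    if not is_yes(conf.get("pasv_enable", "YES")):
        return None
    lo, hi = int(conf.get("pasv_min_port", "0")), int(conf.get("pasv_max_port", "0"))
    return (lo, hi) if 0 < lo <= hi else None

def firewall_rule(conf):
    """ufw command covering the control/active ports plus any pinned passive range."""
    rng = passive_range(conf)
    ports = "20,21" if rng is None else "20,21,%d:%d" % rng
    return "ufw allow from any to any port %s proto tcp" % ports

PASV_RE = re.compile(r"^227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def pasv_port(reply):
    """Data port announced in a '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)' reply."""
    m = PASV_RE.match(reply)
    if not m:
        raise ValueError("not a PASV reply: %r" % reply)
    return int(m.group(5)) * 256 + int(m.group(6))

def pasv_port_allowed(reply, conf):
    """True when the announced data port lies inside the configured (and firewalled) range."""
    rng = passive_range(conf)
    return rng is not None and rng[0] <= pasv_port(reply) <= rng[1]
```

Run it against a real vsftpd.conf and a PASV reply captured from the client log to confirm the announced port is one the firewall actually forwards.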