Here is a get for a file on the server, first in active mode, then in passive mode.
Code:
me@home7:/home/me$ ftp ftpsrv1
Connected to ftpsrv1.home.com.
220-Private FTP server - unauthorized access prohibited
220
Name (ftpsrv1:me):
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
ftp> cd ftp
250 Directory successfully changed.
ftp> ls
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
-rw------- 1 1000 104 10 May 01 16:59 a.file
226 Directory send OK.
ftp>
ftp> get a.file
local: a.file remote: a.file
200 PORT command successful. Consider using PASV.
150 Opening BINARY mode data connection for a.file (10 bytes).
226 Transfer complete.
10 bytes received in 7.4e-05 secs (1.3e+02 Kbytes/sec)
ftp>
ftp>
ftp> passive
Passive mode on.
ftp> get a.file
local: a.file remote: a.file
227 Entering Passive Mode (192,168,1,15,117,144).
150 Opening BINARY mode data connection for a.file (10 bytes).
226 Transfer complete.
10 bytes received in 0.000708 secs (14 Kbytes/sec)
ftp>
As you can see, the get worked in both active and passive modes.
Are your clients Windows, *nix, Mac, or something else?
Have you set up your firewall to allow incoming connections to your server on port 21?
For active mode, does the firewall on your client systems allow the server to open a connection to port 20 on the client?
Do you have these directives in your config file? You might have different min/max port range.
Code:
connect_from_port_20=YES
pasv_enable=YES
pasv_min_port=30000
pasv_max_port=30099
Did you open up your firewall for those ports too?
Code:
iptables -I INPUT -p tcp --destination-port 30000:30099 -j ACCEPT
Can you post your vsftpd.conf file?