Proftpd TLS connection requires passive mode ports to be open if you are using a firewall.In this case UFW.


In the proftpd.conf file, find the below line and remove # from the start.You can narrow the ephemeral port range if you like.

PassivePorts   startport endport

restart proftpd then add a firewall rule to that port range.

ufw allow startport:endport/tcp
ufw disable && ufw enable