Are you using a different Security Group then you did with Wowza 2? If so, that is not necessary, but then you have to open the same ports. 21 for ftp, 22 for ssh, 1935 for Wowza, and whatever else you might need.
I'm not really familiar with EC2, but I can offer some general suggestions.
1. I recommend SFTP instead of FTP. (only needs 1 port)
2. You have: Response: 227 Entering Passive Mode (10,128,97,37,157,57).
Status: Server sent passive reply with unroutable address. Using server address instead.
-Your server is responding with its local IP instead of external. This is probably configurable in the vsFTPd conf file. You need to tell it to use your external IP. I use Proftpd so in my proftpd.conf this setting is: MasqueradeAddress [external-IP-address]
4. Passive mode is usually used since it doesn't require configuration of the client's router.
Passive Mode Howto:
1. Configure your FTPd server conf file to use a range of passive ports, e.g. 60000-61000
2. Configure your server firewall to allow TCP in/out on that port range, or in + state related/established. (also port 21, the default ftp port)
3. If your server is behind a NAT router, forward that range of ports to your server.
4. Also, if server is behind NAT router, configure your FTPd server to use your public IP Address.
1. Configure your server's firewall to allow TCP in/out on ports 20 and 21.
2 Configure your ftp client to use Active mode. Note you will need to set your client's external IP (in the Filezilla active settings) and BE SURE it's correct when you're connecting. Google "what is my IP" to check. Note: the
ip.filezilla-project.org/ip.php option might not work. It just returns 127.0.0.1 for me. So, you might have to set it manually each time.
3. Configure your ftp client to use a range of active ports. e.g. 61000-62000
4. Forward that range of TCP ports on your client side router to your client computer.
5. Either turn off your client computer firewall, or open that range of ports, and also be sure the ftp client application itself is allowed.
Note that instead of ACTIVE steps 2, 3 and 4 above you could just plug directly into your modem so that your computer get's an external IP.
Also note that instead of PASSIVE steps 1 and 2, you can just clear your server's firewall. When I mess with the firewall I set the computer to reboot after a minute, in case I get locked out. e.g. "iptables -F && shutdown -r +1 &" Then "shutdown -c" to cancel reboot, if I didn't manage to lock myself out.