I use proftp. It's secure, easy to configure and easily extensible with modules for more advanced configs.
To allow ftp acces from only a certain IP block I'd use iptables and not rely on the ftp server to handle it. (Don't know if proftpd even could do it.) If you want passive transfers be sure to not only allow port 21 but also a range of high ports (I use 62000-64000) through the firewall. Then you can tell proftpd to use only these ports for passive transfers with the directive PassivePorts 62000 64000. If you want active transfers as well remember to open up port 20.