Summary: Cisco "established" keyword breaks FTP-DATA.
I am having FTP trouble when I configure my Cisco to only
permit established TCP connections above port 1024. When a
new (random) port is created for FTP-DATA (e.g., as the result
of a "dir"), the Cisco prohibits the connection since it
doesn't meet the "established" criteria.
Does anybody know what the port range is for randomly
allocated ports, or another way to get around this problem?
There is no such range. Or rather, even though UNIX systems tend
to allocate random ports somewhere above 1024, there's no ban on
servers in that range -- witness X11.
I know of no way to do what you want in a safe fashion. I wish I did.