Astaro useful shell commands.

Hi to All.
I'm opening this thread so any of you which happens to run into useful Shell commands, can add it in here.
My goal is to create a document with many Astaro useful shell commands.
You are welcome to add, remark or reject any of the commands in here.

  • Hello

    Anyone know the shell command for creating a new user in a specified group via shell?
    I would like to create VPN-users with scripts.

    Thank you
    Ok, i found another solution, ignore my posting Smile
  • In reply to SIKN:



    This is my first post, sorry if it is obvious or common sense. But I searched for an answer to my question and I am yet to find a decent answer. 


    I am trying to find a shell command to list all active IPs on the network. I tried the "/usr/local/bin/count_active_ip.plx --showcount" and it continues to list the IP of my phone even after turning off my phone's WiFi. 

    I also tried "arp -a" but it also returned the same IP regardless of the face that the phone is no longer on the network. 

    My question is, Is there a way to list only currently connected devices using a shell command ? 

    Thank you, 

  • In reply to Nlaym:

    Hi Nlaym and welcome to the UTM Community!

    You can get the list of active connections for a subnet with:

    conntrack -L conntrack|grep 'src=10\.1\.1\.'|grep -oP 'src=.*? dst'|sort -n|uniq -c|sort -n

    Cheers -Bob

  • In reply to BAlfson:

    Hey Bob, 

    Thank you for the quick and informative reply. Totally appreciated! 


    I tried the command and I still saw my phone's IP even after leaving the network for almost an hour. I admit that by that time I didn't continue to look for it. 


    My guess is that --please correct me if I am wrong-- that new connections and traffic has to happen for my phone's IP to disappear from that active connections list, right ? 

    I must apologize for all the trouble, I am looking for a way to tell when an IP disconnects from the network using shell commands. 



  • In reply to Nlaym:

    If you do cc get packetfilter timeouts you will see that the problem is ip_conntrack_tcp_timeout_established which is probably set to 86400 or one day.  The minimum value for this is 7440, 2 hours and 4 minutes.  To make that setting, do:

    cc set packetfilter timeouts ip_conntrack_tcp_timeout_established 7440

    Short of pinging a specific IP, I don't think there's an easy way to get an answer for something that disconnected less than 2 hours before.

    Cheers - Bob

  • This content is gold! thanks for sharing