There are several tasks to which we must attend before actually making use of our freshly installed FreeBSD system. Immediately upon reboot, you will find yourself in the console. While it is possible to set up and use the graphical login managers -- kdm, gdm or others -- it is important to note that this uses extra resources. One of our assumptions is that you might not have all that excess horsepower, so we'll stick with the console login for now.
The prompt says login and we need to work as root for a while, so type root and hit ENTER, then enter the password -- nothing will display, so you have to really get it nailed down in your mind. Hit ENTER and prepare to work for a while from the console/CLI.
16. X Server Setup
On some hardware, the graphical setup tool will lock up or crash, and
perhaps require you to reboot. This is not the fault of anybody at
FreeBSD, since it comes with the X.org package. I've never gotten it to
work right, but many folks like it. Your best bet is the menu-based
xorgcfg -textmode. Since this whole thing is adequately
covered elsewhere on the Internet, if you need more details, you'll
have to hunt them down. If you have a good xorg.conf from Linux, you'll
need to change a few things before dropping it into FreeBSD, so it's
better to run the utility here, then cut and splice appropriate
This text-mode version is really quite simple, and explains itself
very well. You have the main menu with various options and menus under
each item on the list. Most of the time moving from item to item is
simply a matter of hitting
ENTER, as they run in sequence
by default. Simply go down the list, and if you really don't know about
something, the safe route is to accept the default answer -- that is,
the answer offered by the program. On the graphics card, be sure to
look the whole list over before choosing. One complication here is on
many motherboards or with some video cards, the setup script cannot
identify the proper card type. If what you see doesn't fit, accept the
defaults and we can change it manually later.
You need to know precisely what the specs for your monitor are. That is, you need to know the upper and lower limits of the horizontal and vertical display frequencies. Be sure of this information; don't guess. This is the one place where software can easily damage your hardware. It is usually possible to find the information you want by visiting the website for the manufacturer of your monitor. The other item is to know what sort of screen resolution you want. If you have a really good card and large or high-quality monitor, getting a fancy 1600x1200 display might work, but there's not much point if you have only a 17" monitor. Here's the usual advice:
- 16" or smaller: 800x600
- 17" or larger: 1024x768
- 19" or larger: 1280x1024
You can guess the rest for yourself. As for color depth, only older card and monitor combinations run below 16-bit. While most people cannot tell the difference, you can bump it up to 24-bit if you know the hardware can take it.
When you are finished, let the script write the file. As always, you can go back later and hand edit the file, so notice where it is saved. We will do some of that next.
17. Final X Setup
Unless the script saved
xorg.conf somewhere else, type
at the prompt:
ls to ensure that you have a file named
xorg.conf. If it's not there, check in
/usr/X11R6/etc. When we know where it is, first make a
copy in case your editing goes wrong and you really mess things up. Type
these two lines, one at a time:
cp xorg.conf bak.xorg.conf
The first line makes a backup copy ("cp"). The second line is the
built-in "Easy Editor". We note here for the first time, it
really is easy, because the menu displays the whole time at the top of
the page. The only thing not obvious you will need to know is, when you
are finished, you must hit the
ESC key, then wait for the
exit menu. It will offer you the chance to save the file, which you
must do or lose your changes.
Most likely, you may have a section left out of the xorg.conf file. This would be the font paths, which are needed for some applications that run somewhat older-style interfaces. There are some dozen or so major interface frameworks for displaying in the X server, and each one has its own set of peculiarities. If every application you run comes from KDE or Gnome2/Gtk2, you won't notice this at all. However, if you run anything that relies on the Gnome 1 interface (aka Gtk1), Tcl/Tk, or the Motif interface, for example, you will have a problem, because the fonts won't be available to them.
The problem has to do with how the fonts are passed to your X server. Without going into too much detail, it's sufficient to explain here that the modern X server has a component called "Xft" that helps improve the font display in most cases. However, Motif (among others) does not use this component. The configuration of Xft is done automatically when you install FreeBSD. However, getting the fonts to display in the X server directly -- without Xft -- is often not set up.
To do this manually is really quite simple. In your xorg.conf, look for a pair of lines like this:
In between those two lines should be listed all the places where your system has fonts that will work with the X server. The shortest answer is to write those lines in by hand. The format isn't that mysterious. When you are finished, it should look something like this:
Chances are I've listed font collections you haven't installed, but you can add them later when we get to the lesson on ports. For now, it won't hurt to have those lines there, because the system will simply ignore what's missing.
Now, page down until you see this section:
# Core Pointer's InputDevice section
where you see the line
Option "Device" "/dev/sysmouse"
and just below it, add this line, if it is missing
Option "ZAxisMapping" "4 5"
making sure the indentation on this line matches the others. Be aware if you are using a newer USB mouse, this line may be unnecessary. Next, if the X configuration script added a line about emulating 3 mouse buttons, and you know you have a middle mouse button that works, remove that line. Then, if you have a graphics card that can put the monitor to sleep when you are away from the computer, scroll down to the section that says
# Graphics device section
and look for these lines
and add this line, if it is missing
Special note for nVidia card users: If you have a pretty fast card,
you may want to consider using the specially made driver from the
manufacturer to gain full 3D acceleration. You can do that later, by
adding the package
nvidia-driver. For now, you should have
a driver line with
"nv" in it.
Special note for Radeon card users: If your card chipset is numbered R280 or less, you can use the built-in driver for 3D acceleration. For the R300 chipset, 3D is experimental. It has been reported to work pretty well for R300 series, and some say for the R400 series. For newer cards, ATI has not offered a 3D driver for FreeBSD, and the experimental drivers don't seem to work well.
Finally, we are ready to set up the standard desktop for each user.
Since we are logged in as root, this run through serves as the example
for your regular user account. Type
cd to return to the
home directory. Now type:
In this new file, type this line:
then save and close the file.
Now we are ready to try out the GUI. Still logged in as root, simply
ENTER. KDE should start. You
probably won't have sound working yet. It's not so complicated that a
newbie can't figure it out, but there are too many variables to deal
with here. As a part of your initiation into the world of FreeBSD, I'll
direct you to the FreeBSD Handbook that comes with your
system. It comes in several languages, but the English version is found
Since I am assuming you are running KDE, all you need to do is open the Konqueror browser and type that line in the location bar and hit ENTER. Scroll down the index page to section 7 for Multimedia and read about setting up sound cards. As for setting up KDE, just running it for the first time you will be introduced to a setup wizard that should handle most issues.
18. System Mail
One of the most important tasks for managing your own system is to
learn to read system mail. Every Open Source operating system uses
this. By default, you already have a system working, called
sendmail. However, you should not attempt to use this for
sending mail to the outside world -- it's too complicated for us mere
mortals to configure. If you want something easier to configure, we'll
install Postfix later.
Here we also learn to use a GUI editor, Kedit. Look for it in the
KDE menu system under "Utilities > Editors" and click on
the name. You'll need to set it up to suit you, by clicking the
"Settings" in the menu bar and selecting the last option,
"Configure Kedit." Check each option and make adjustments;
it's all pretty self-explanatory. The most likely issue everyone wants
to adjust is the font size. When you are finished, click the
"OK" button. Now, click the icon in the toolbar at the top
that looks like a folder and open the file finder utility. On the upper
right-hand side of this is an entry box with a drop down arrow at the
far right end. Click the arrow and choose "Root Directory,"
then navigate into the "etc" directory. Look for a file named
rc.conf and open it.
This is the master config file for the whole system. Get the format wrong and your machine may not boot. The main thing to remember is that each entry has the same format: an option name, an equal sign (=) and quotation marks surrounding the variables for that option. Be sure to have the quotation marks before and after.
What follows is a quick and dirty method, and if you really want to understand what the options mean, you'll need to read the FreeBSD Handbook a great deal. For now, you'll have to trust me. Make sure this rc.conf file has the following lines in it:
Dialup users need to add these lines, also:
network_interfaces="lo0 tun0 ppp0"
Yes, that last line has no quotation marks and no argument, but it's required as is.
There may be other lines, but these are the minimum for our purpose
here. Of particular interest here are the firewall lines. Add them now
in the order shown, and we will explain later. Save the file and close
it, but not Kedit. Now let's open the file named
/etc/aliases. Somewhere near the top of the file, it
should have a line like this:
# root: firstname.lastname@example.org
Below that, add something like this, replacing "user" with your primary user account name:
Now run the command:
This way, any mail the system sends to root will come to my user
account. Once you have logged into your user account, at least once
each day, you should open a Konsole window (menu: "System >
Konsole") and type the command
mutt and you should be
able to figure it out from there. Mutt isn't that hard to use for the
purpose of reading system mail. Move the cursor up and down with arrow
keys, then hit
ENTER to read the message highlighted. Read
the message, then hit "d". This will take you to the next message, or
back to the menu. Showing a "d" beside each one indicates they are
marked for deletion, and those are removed when you hit "q" for quit.
In a later lesson we'll configure Mutt to display in color.
The more complicated issue of parsing the daily reports is something we don't have room to cover here. Sadly, I've not found any good tutorials on that. The only thing I can suggest is that over time you will become more familiar with the format and be able to pick out things that matter to you.
While FreeBSD is one of the most secure systems on the Internet, you still need to take normal precautions to prevent attacks. One of those is to set up a firewall. For dialup use, there's nothing better than the instructions offered in the documentation on your system:
What follows is derived from the Handbook. Copy it verbatim; cut and paste what's between the dashed lines. You can make refinements when you learn more about it. Remember, this is specifically designed for dialup users (notes for broadband users below):
# Define the firewall command (as in /etc/rc.firewall) for easy
# reference. Helps to make it easier to read.
fwcmd="/sbin/ipfw"
# Define our outside interface. With userland-ppp this
# defaults to tun0.
oif="tun0"
# Force a flushing of the current rules before we reload.
$fwcmd -f flush
# Check the state of all packets.
$fwcmd add check-state
# Stop spoofing on the outside interface.
$fwcmd add deny ip from any to any in via $oif not verrevpath
# Allow all connections that we initiate, and keep their state.
# but deny established connections that don't have a dynamic rule.
$fwcmd add allow ip from me to any out via $oif keep-state
$fwcmd add deny tcp from any to any established in via $oif
# Allow all local traffic.
$fwcmd add allow all from any to any via lo0
$fwcmd add deny all from any to 127.0.0.0/8
$fwcmd add deny ip from 127.0.0.0/8 to any
# Allow ICMP packets: remove type 8 if you don't want your host
# to be pingable.
$fwcmd add allow icmp from any to any via $oif icmptypes 0,3,8,11,12
# Deny and log all the rest.
$fwcmd add deny log ip from any to any
Save this file as
Broadband users: If any part of your connection includes a router or gateway (many DSL modems are mini-routers), you don't really need a firewall. Skip down to the next section. If you have reason not to trust that firewall, keep reading.
Change the definition of oif= to whatever interface you set up in lesson 1. In my case, it looks like this:
If your FreeBSD box is the only machine on that connection, you're done. However, when your machine is sharing a connection with Windows machines, you'll need to open your firewall to the IP range of the other machines on your shared connection. By opening your firewall to permit traffic from those within the internal IP range, you aren't actually risking much. However, the noise they make on a LAN will fill up your firewall logs pretty fast. Halfway down, just above the line which says:
# Allow all local traffic
we need to add a new section:
# Allow all connections within our network.
$fwcmd add allow ip from any to 192.168.1.0/24
$fwcmd add allow ip from 192.168.1.0/24 to any
This can get pretty tricky, because different providers handle things differently. What you see here is for ATT/Yahoo DSL in most areas of the US, using their DSL modem. That provider treats its modem as a gateway, and all the systems connected to the modem are part of the internal LAN, using those IP numbers. If you know nothing about this, contact your provider and find out if any part of your connection includes a gateway, and if so, what is the internal IP range. Note in my case, the last part of the IP number is a zero with a /24. This opens the firewall to every possible number for that range. We don't have space here to explain all the variables. If you are determined to have a firewall on a broadband connection, you'll have to do the work to learn more about networking.
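The effect of the two LAN rules can be checked with a simplified first-match model of the rule set, given here as an added example that is not part of the original article. It ignores dynamic state (check-state/keep-state) and the verrevpath test; the interface name xl0, the host address 192.168.1.10, the sample packets and the NARROW variant are assumptions of the example.

```python
import ipaddress

OIF = "xl0"                                    # assumed outside interface name
HOST = ipaddress.ip_address("192.168.1.10")    # constructed address of this box ("me")
LAN = ipaddress.ip_network("192.168.1.0/24")   # internal range used in the article
LOOP = ipaddress.ip_network("127.0.0.0/8")

# Rule = (action, proto, src, dst, direction, via, extra); None matches anything.
HEAD = [("allow", "ip", "me", None, "out", OIF, None),           # keep-state rule
        ("deny", "tcp", None, None, "in", OIF, "established")]
LAN_RULES = [("allow", "ip", None, LAN, None, None, None),       # as in the article
             ("allow", "ip", LAN, None, None, None, None)]
NARROW = [("allow", "ip", LAN, LAN, None, None, None)]           # assumed alternative
TAIL = [("allow", "ip", None, None, None, "lo0", None),
        ("deny", "ip", None, LOOP, None, None, None),
        ("deny", "ip", LOOP, None, None, None, None),
        ("allow", "icmp", None, None, None, OIF, {0, 3, 8, 11, 12}),
        ("deny", "ip", None, None, None, None, None)]            # deny log, catch-all

def addr_ok(spec, addr):
    if spec is None:
        return True
    return addr == HOST if spec == "me" else addr in spec

def verdict(rules, p):
    """Return (action, index) of the first rule that matches packet p."""
    for i, (action, proto, src, dst, direction, via, extra) in enumerate(rules):
        if proto not in ("ip", p["proto"]):
            continue
        if not (addr_ok(src, p["src"]) and addr_ok(dst, p["dst"])):
            continue
        if direction not in (None, p["dir"]) or via not in (None, p["iface"]):
            continue
        if extra == "established" and not p["established"]:
            continue
        if isinstance(extra, set) and p["icmptype"] not in extra:
            continue
        return action, i
    raise ValueError("no rule matched")

def pkt(src, dst, proto="tcp", established=False, icmptype=None):
    """Build a constructed packet arriving inbound on the outside interface."""
    return dict(src=ipaddress.ip_address(src), dst=ipaddress.ip_address(dst),
                proto=proto, dir="in", iface=OIF, established=established,
                icmptype=icmptype)

SYN = pkt("203.0.113.9", "192.168.1.10")       # unsolicited SYN, Internet source
PEER = pkt("192.168.1.20", "192.168.1.10")     # SYN from another LAN machine

if __name__ == "__main__":
    for name, extra in (("none", []), ("article", LAN_RULES), ("narrow", NARROW)):
        rules = HEAD + extra + TAIL
        print(name, verdict(rules, SYN), verdict(rules, PEER))
```

With the article's two rules, an unsolicited SYN from an outside address is accepted because its destination falls inside 192.168.1.0/24, so the rule does not depend on where the packet came from. The NARROW variant, which requires both ends to be in the LAN range, still admits the LAN peer and leaves the outside SYN to the final deny rule.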
Two more Internet connection issues for dialup. Go to
/etc/ppp and see if there is a file named
options. If not, create one with a single word in it:
noauth. Now go up one directory to
open/create one more file named
resolv.conf. In this file,
there must be at least two lines. The first one should read
domain followed by a space and the name of your ISP:
something.net for example. The next line(s) should be the
nameserver followed by the IP address of your ISP's
DNS servers. It should look something like this:
Save and close. Now is the time to reboot. Look for the logout button in the menu of KDE, and logout of the GUI. At the command line type this:
shutdown -r now
When all is done, it should come back up to the command line. Log into your user account this time, then startx. In KDE, you can open the KPPP utility from the menu, under "Internet" and follow the instructions to set it up. Unless you are using one of several national ISPs, you will want to avoid the setup wizard. It is now safe to connect to the Internet.
The next article will deal with adding a few important programs not included with the Install CD.

Ed Hurst is Associate Editor of Open for Business. Ed operates a computer ministry in Oklahoma City. He loves computers, runs FreeBSD and GNU/Linux and reads all sorts of things.