Desktop FreeBSD Part 2: Initial Setup
By Ed Hurst | Mar 13, 2007 at 21:44:29
There are several tasks to which we must attend before actually
making use of our freshly installed FreeBSD system. Immediately upon
reboot, you will find yourself in the console. While it is possible to
set up and use the graphical login managers -- kdm, gdm or others -- it
is important to note that this uses extra resources. One of our
assumptions is that you might not have all that excess horsepower, so
we'll stick with the console login for now.
The prompt says login and we need to work as root for
a while, so type root and ENTER, then enter
the password -- nothing will display, so you have to really get it
nailed down in your mind. Hit ENTER and prepare to work
for a while from the console/CLI.
16. X Server Setup
On some hardware, the graphical setup tool will lock up or crash, and
perhaps require you to reboot. This is not the fault of anybody at
FreeBSD, since it comes with the X.org package. I've never gotten it to
work right, but many folks like it. Your best bet is the menu-based
xorgcfg -textmode. Since this whole thing is adequately
covered elsewhere on the Internet, if you need more details, you'll
have to hunt them down. If you have a good xorg.conf from Linux, you'll
need to change a few things before dropping it into FreeBSD, so it's
better to run the utility here, then cut and splice appropriate
sections later.
This text-mode version is really quite simple, and explains itself
very well. You have the main menu with various options and menus under
each item on the list. Most of the time moving from item to item is
simply a matter of hitting ENTER, as they run in sequence
by default. Simply go down the list, and if you really don't know about
something, the safe route is to accept the default answer -- that is,
the answer offered by the program. On the graphics card, be sure to
look the whole list over before choosing. One complication here is that on
many motherboards or with some video cards, the setup script cannot
identify the proper card type. If what you see doesn't fit, accept the
defaults and we can change it manually later.
You need to know precisely what the specs for your monitor are. That
is, you need to know the upper and lower limits of the horizontal and
vertical display frequencies. Be sure of this information; don't guess.
This is the one place where software can easily damage your hardware.
It is usually possible to find the information you want by visiting the
website for the manufacturer of your monitor. The other item is to know
what sort of screen resolution you want. If you have a really good card
and large or high-quality monitor, getting a fancy 1600x1200 display
might work, but there's not much point if you have only a 17" monitor.
Here's the usual advice:
- 16" or smaller: 800x600
- 17" or larger: 1024x768
- 19" or larger: 1280x1024
You can guess the rest for yourself. As for color depth, only older
card and monitor combinations run below 16-bit. While most people
cannot tell the difference, you can bump it up to 24-bit if you know
the hardware can take it.
When you are finished, let the script write the file. As always, you
can go back later and hand edit the file, so notice where it is saved.
We will do some of that next.
17. Final X Setup
Unless the script saved xorg.conf somewhere else, type
at the prompt:
cd /etc/X11
then ls to ensure that you have a file named
xorg.conf. If it's not there, check in
/usr/X11R6/etc. When we know where it is, first make a
copy in case your editing goes wrong and you really mess things up. Type
these two lines, one at a time:
cp xorg.conf bak.xorg.conf
ee xorg.conf
The first line makes a backup copy ("cp"). The second line opens the
built-in "Easy Editor." We note here for the first time that ee
really is easy, because the menu displays the whole time at the top of
the page. The only thing not obvious you will need to know is, when you
are finished, you must hit the ESC key, then wait for the
exit menu. It will offer you the chance to save the file, which you
must do or lose your changes.
Most likely, you may have a section left out of the xorg.conf file.
This would be the font paths, which are needed for some applications
that run somewhat older-style interfaces. There are some dozen or so
major interface frameworks for displaying in the X server, and each one
has its own set of peculiarities. If every application you run comes
from KDE or Gnome2/Gtk2, you won't notice this at all. However, if you
run anything that relies on the Gnome 1 interface (aka Gtk1), Tcl/Tk,
or the Motif interface, for example, you will have a problem, because
the fonts won't be available to them.
The problem has to do with how the fonts are passed to your X
server. Without going into too much detail, it's sufficient to explain
here that the modern X server has a component called "Xft"
that helps improve the font display in most cases. However, Motif
(among others) does not use this component. The configuration of Xft is
done automatically when you install FreeBSD. However, getting the fonts
to display in the X server directly -- without Xft -- is often not set
up.
To do this manually is really quite simple. In your xorg.conf, look
for a pair of lines like this:
Section "Files"
EndSection
In between those two lines should be listed all the places where your
system has fonts that will work with the X server. The shortest answer
is to write those lines in by hand. The format isn't that mysterious.
When you are finished, it should look something like this:
Section "Files"
FontPath "/usr/X11R6/lib/X11/fonts/TTF/"
FontPath "/usr/X11R6/lib/X11/fonts/webfonts/"
FontPath "/usr/X11R6/lib/X11/fonts/bitstream-vera/"
FontPath "/usr/X11R6/lib/X11/fonts/urwfonts-ttf/"
FontPath "/usr/X11R6/lib/X11/fonts/misc/"
FontPath "/usr/X11R6/lib/X11/fonts/100dpi/"
FontPath "/usr/X11R6/lib/X11/fonts/75dpi/"
FontPath "/usr/X11R6/lib/X11/fonts/Type1/"
FontPath "/usr/local/share/ghostscript/fonts/"
EndSection
Chances are I've listed font collections you haven't installed, but
you can add them later when we get to the lesson on ports. For now, it
won't hurt to have those lines there, because the system will simply
ignore what's missing.
Now, page down until you see this section:
# ***********************************
# Core Pointer's InputDevice section
# ***********************************
where you see the line
Option "Device" "/dev/sysmouse"
and just below it, add this line, if it is missing
Option "ZAxisMapping" "4 5"
making sure the indentation on this line matches the others. Be
aware that if you are using a newer USB mouse, this line may be unnecessary.
Next, if the X configuration script added a line about emulating 3
mouse buttons, and you know you have a middle mouse button that works,
remove that line. Then, if you have a graphics card that can put the
monitor to sleep when you are away from the computer, scroll down to
the section that says
# ************************
# Graphics device section
# ************************
and look for these lines
Section "Device"
Identifier
Driver
and add this line, if it is missing
Option "DPMS"
Special note for nVidia card users: If you have a pretty fast card,
you may want to consider using the specially made driver from the
manufacturer to gain full 3D acceleration. You can do that later, by
adding the package nvidia-driver. For now, you should have
a driver line with "nv" in it.
Special note for Radeon card users: If your card chipset is numbered
R280 or less, you can use the built-in driver for 3D acceleration. For
the R300 chipset, 3D is experimental. It has been reported to work
pretty well for R300 series, and some say for the R400 series. For
newer cards, ATI has not offered a 3D driver for FreeBSD, and the
experimental drivers don't seem to work well.
Finally, we are ready to set up the standard desktop for each user.
Since we are logged in as root, this run through serves as the example
for your regular user account. Type cd to return to the
home directory. Now type:
ee .xinitrc
In this new file, type this line:
exec /usr/local/bin/startkde
then save and close the file.
Now we are ready to try out the GUI. Still logged in as root, simply
type startx and ENTER. KDE should start. You
probably won't have sound working yet. It's not so complicated that a
newbie can't figure it out, but there are too many variables to deal
with here. As a part of your initiation into the world of FreeBSD, I'll
direct you to the FreeBSD Handbook that comes with your
system. It comes in several languages, but the English version is found
here:
/usr/share/doc/en_US.ISO8859-1/books/handbook/index.html
Since I am assuming you are running KDE, all you need to do is open
the Konqueror browser and type that line in the location bar and hit
ENTER. Scroll down the index page to section 7 for Multimedia and read
about setting up sound cards. As for setting up KDE, just running it
for the first time you will be introduced to a setup wizard that should
handle most issues.
18. System Mail
One of the most important tasks for managing your own system is to
learn to read system mail. Every Open Source operating system uses
this. By default, you already have a system working, called
sendmail. However, you should not attempt to use this for
sending mail to the outside world -- it's too complicated for us mere
mortals to configure. If you want something easier to configure, we'll
install Postfix later.
Here we also learn to use a GUI editor, Kedit. Look for it in the
KDE menu system under "Utilities > Editors" and click on
the name. You'll need to set it up to suit you, by clicking the
"Settings" in the menu bar and selecting the last option,
"Configure Kedit." Check each option and make adjustments;
it's all pretty self-explanatory. The most likely issue everyone wants
to adjust is the font size. When you are finished, click the
"OK" button. Now, click the icon in the toolbar at the top
that looks like a folder and open the file finder utility. On the upper
right-hand side of this is an entry box with a drop down arrow at the
far right end. Click the arrow and choose "Root Directory,"
then navigate into the "etc" directory. Look for a file named
rc.conf and open it.
This is the master config file for the whole system. Get the format
wrong and your machine may not boot. The main thing to remember is that
each entry has the same format: an option name, an equal sign (=) and
quotation marks surrounding the variables for that option. Be sure to
have the quotation marks before and after.
What follows is a quick and dirty method, and if you really want to
understand what the options mean, you'll need to read the FreeBSD
Handbook a great deal. For now, you'll have to trust me. Make sure
this rc.conf file has the following lines in it:
hostname="name.local.bsd"
linux_enable="YES"
usbd_enable="YES"
firewall_enable="YES"
firewall_script="/etc/firewall.conf"
firewall_logging="YES"
syslogd_enable="YES"
Dialup users need to add these lines, also:
network_interfaces="lo0 tun0 ppp0"
ifconfig_tun0=
Yes, that last line has no quotation marks and no argument, but
it's required as is.
There may be other lines, but these are the minimum for our purpose
here. Of particular interest here are the firewall lines. Add them now
in the order shown, and we will explain later. Save the file and close
it, but not Kedit. Now let's open the file named
/etc/aliases. Somewhere near the top of the file, it
should have a line like this:
# root: me@my.domain
Below that, add something like this, replacing "user" with your
primary user account name:
root: user
Now run the command:
newaliases
This way, any mail the system sends to root will come to your user
account. Once you have logged into your user account, at least once
each day, you should open a Konsole window (menu: "System >
Konsole") and type the command mutt and you should be
able to figure it out from there. Mutt isn't that hard to use for the
purpose of reading system mail. Move the cursor up and down with arrow
keys, then hit ENTER to read the message highlighted. Read
the message, then hit "d". This will take you to the next message, or
back to the menu. Showing a "d" beside each one indicates they are
marked for deletion, and those are removed when you hit "q" for quit.
In a later lesson we'll configure Mutt to display in color.
The more complicated issue of parsing the daily reports is something
we don't have room to cover here. Sadly, I've not found any good
tutorials on that. The only thing I can suggest is over time you will
become more familiar with the format and be able to pick out things
that matter to you.
19. Firewall
While FreeBSD is one of the most secure systems on the Internet, you
still need to take normal precautions to prevent attacks. One of those
is to set up a firewall. For dialup use, there's nothing better than the
instructions offered in the documentation on your system:
/usr/share/doc/en_US.ISO8859-1/articles/dialup-firewall/index.html
What follows is derived from the Handbook. Copy it verbatim; cut and
paste what's between the dashed lines. You can make refinements when
you learn more about it. Remember, this is specifically designed for
dialup users (notes for broadband users below):
-----------------------------
# Define the firewall command (as in /etc/rc.firewall) for easy
# reference. Helps to make it easier to read.
fwcmd="/sbin/ipfw"
# Define our outside interface. With userland-ppp this
# defaults to tun0.
oif="tun0"
# Force a flushing of the current rules before we reload.
$fwcmd -f flush
# Check the state of all packets.
$fwcmd add check-state
# Stop spoofing on the outside interface.
$fwcmd add deny ip from any to any in via $oif not verrevpath
# Allow all connections that we initiate, and keep their state.
# but deny established connections that don't have a dynamic rule.
$fwcmd add allow ip from me to any out via $oif keep-state
$fwcmd add deny tcp from any to any established in via $oif
# Allow all local traffic.
$fwcmd add allow all from any to any via lo0
$fwcmd add deny all from any to 127.0.0.0/8
$fwcmd add deny ip from 127.0.0.0/8 to any
# Allow ICMP packets: remove type 8 if you don't want your host
# to be pingable.
$fwcmd add allow icmp from any to any via $oif icmptypes 0,3,8,11,12
# Deny and log all the rest.
$fwcmd add deny log ip from any to any
-----------------------------
Save this file as /etc/firewall.conf.
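A check worth running before the reboot, as an added example that is not part of the original article: it confirms that rc.conf still parses and keeps the name="value" form described earlier, and that the script named in firewall_script exists and parses. The function name check_boot_config is hypothetical; /etc/rc.firewall is the stock default used when firewall_script is not set.

```shell
#!/bin/sh
# Added example (not from the article): check rc.conf and the firewall
# script before rebooting. The path is a parameter so copies can be tested.

# check_boot_config RC_CONF
# Returns 0 if all checks pass, 1 for a problem in rc.conf itself,
# 2 if the firewall is enabled but its script is missing or unparsable.
check_boot_config() {
    rc="$1"
    # rc.conf is read by /bin/sh at boot, so a missing quotation mark is
    # a shell syntax error; "sh -n" parses the file without running it.
    if ! sh -n "$rc" 2>/dev/null; then
        echo "$rc: shell syntax error (unbalanced quote?)" >&2
        return 1
    fi
    # Lines must be blank, a comment, name="value", or the bare name=
    # form the article uses for ifconfig_tun0.
    ok='^[[:space:]]*(#.*)?$|^[A-Za-z_][A-Za-z0-9_]*=("[^"]*")?[[:space:]]*(#.*)?$'
    bad=$(grep -nEv "$ok" "$rc" || true)
    if [ -n "$bad" ]; then
        echo "$rc: lines not in name=\"value\" form:" >&2
        echo "$bad" >&2
        return 1
    fi
    # Pull the two firewall settings out as text rather than sourcing.
    fw_enable=$(sed -n 's/^firewall_enable="\([^"]*\)".*/\1/p' "$rc" | tail -n 1)
    fw_script=$(sed -n 's/^firewall_script="\([^"]*\)".*/\1/p' "$rc" | tail -n 1)
    fw_script=${fw_script:-/etc/rc.firewall}   # stock default when unset
    case "$fw_enable" in
        [Yy][Ee][Ss]) ;;
        *) return 0 ;;              # firewall off: nothing more to check
    esac
    if [ ! -r "$fw_script" ]; then
        echo "firewall_enable is YES but '$fw_script' is not readable" >&2
        return 2
    fi
    if ! sh -n "$fw_script" 2>/dev/null; then
        echo "$fw_script: shell syntax error" >&2
        return 2
    fi
    return 0
}

# Usage, as root, once both files are saved:
#   check_boot_config /etc/rc.conf && shutdown -r now
```

A return value of 2 matters most on a stock kernel, where ipfw's built-in last rule denies everything when no rule set has been loaded.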
Broadband users: If any part of your connection includes a
router or gateway (many DSL modems are mini-routers), you don't really
need a firewall. Skip down to the next section. If you have reason not
to trust that firewall, keep reading.
Change the definition of oif= to whatever interface you
set up in lesson 1. In my case, it looks like this:
oif="vr0"
If your FreeBSD box is the only machine on that connection, you're
done. However, when your machine is sharing a connection with Windows
machines, you'll need to open your firewall to the IP range of the
other machines on your shared connection. By opening your firewall to
permit traffic from those within the internal IP range, you aren't
actually risking much. However, the noise they make on a LAN will fill
up your firewall logs pretty fast. Halfway down, just above
the line which says:
# Allow all local traffic
we need to add a new section:
# Allow all connections within our network.
$fwcmd add allow ip from any to 192.168.1.0/24
$fwcmd add allow ip from 192.168.1.0/24 to any
This can get pretty tricky, because different providers handle
things differently. What you see here is for ATT/Yahoo DSL in most
areas of the US, using their DSL modem. That provider treats its modem
as a gateway, and all the systems connected to the modem are part of
an internal LAN, using those IP numbers. If you know nothing about this,
contact your provider and find out if any part of your connection
includes a gateway, and if so, what is the internal IP range. Note in
my case, the last part of the IP number is a zero with a
/24. This opens the firewall to every possible number for
that range. We don't have space here to explain all the variables. If
you are determined to have a firewall on a broadband connection, you'll
have to do the work to learn more about networking.
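ipfw acts on the first rule that matches, and a rule written "from any to 192.168.1.0/24" matches on the destination alone, so when the FreeBSD machine's own address lies in that range the rule accepts packets from any source and relies on the gateway to keep unsolicited outside traffic away. The audit below, an added example that is not part of the original article, lists such rules in a firewall script; sample_rules and audit_allow_rules are hypothetical names, and the sample is the article's broadband rule set with the comments dropped.

```shell
#!/bin/sh
# Added example (not from the article): list the "allow" rules in an ipfw
# script that accept packets from any source without further limits.

# Constructed sample: the article's broadband rules, comments dropped.
sample_rules() {
    cat <<'EOF'
$fwcmd add check-state
$fwcmd add deny ip from any to any in via $oif not verrevpath
$fwcmd add allow ip from me to any out via $oif keep-state
$fwcmd add deny tcp from any to any established in via $oif
$fwcmd add allow ip from any to 192.168.1.0/24
$fwcmd add allow ip from 192.168.1.0/24 to any
$fwcmd add allow all from any to any via lo0
$fwcmd add allow icmp from any to any via $oif icmptypes 0,3,8,11,12
$fwcmd add deny log ip from any to any
EOF
}

# audit_allow_rules [FILE]
# Reads FILE (or standard input) and prints "line: rule" for each allow
# rule whose source is "any" and that carries no interface (via), ICMP
# type list or keep-state qualifier to narrow it.
audit_allow_rules() {
    awk '
        $1 == "$fwcmd" && $2 == "add" && $3 == "allow" {
            src = ""; limited = 0
            for (i = 4; i <= NF; i++) {
                if ($i == "from") src = $(i + 1)
                if ($i == "via" || $i == "icmptypes" || $i == "keep-state")
                    limited = 1
            }
            if (src == "any" && !limited) print NR ": " $0
        }
    ' "$@"
}

# Stand-alone run on the constructed sample.
sample_rules | audit_allow_rules
```

The rule on the following line already admits everything sourced from the LAN range, and the keep-state rule covers the machine's own outbound traffic, so the flagged rule can be dropped or given the LAN range as its source.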
Two more Internet connection issues for dialup. Go to
/etc/ppp and see if there is a file named
options. If not, create one with a single word in it:
noauth. Now go up one directory to /etc and
open/create one more file named resolv.conf. In this file,
there must be at least two lines. The first one should read
domain followed by a space and the name of your ISP:
something.net for example. The next line(s) should be the
word nameserver followed by the IP address of your ISP's
DNS servers. It should look something like this:
domain something.net
nameserver xxx.xx.xxx.xx
nameserver xxx.xx.xx.xxx
Save and close. Now is the time to reboot. Look for the logout
button in the menu of KDE, and logout of the GUI. At the command line
type this:
shutdown -r now
When all is done, it should come back up to the command line. Log
into your user account this time, then startx. In KDE, you can open the
KPPP utility from the menu, under "Internet" and follow the
instructions to set it up. Unless you are using one of several national
ISPs, you will want to avoid the setup wizard. It is now safe to
connect to the Internet.
The next article will deal with adding a few important programs
not included with the Install CD.
Ed Hurst is Associate Editor of Open for Business.
Ed operates a computer ministry in Oklahoma City. He loves computers, runs FreeBSD and GNU/Linux and reads all sorts of things.