Desktop FreeBSD Part 2: Initial Setup

By Ed Hurst | Posted at 12:40 AM
There are several tasks to which we must attend before actually making use of our freshly installed FreeBSD system. Immediately upon reboot, you will find yourself in the console. While it is possible to set up and use the graphical login managers -- kdm, gdm or others -- it is important to note that this uses extra resources. One of our assumptions is that you might not have all that excess horsepower, so we'll stick with the console login for now.

The prompt says login and we need to work as root for a while, so type root and ENTER, then enter the password -- nothing will display, so you have to really get it nailed down in your mind. Hit ENTER and prepare to work for a while from the console/CLI.

Final X Setup

First, let's visit the X server setup. Type at the prompt:

   cd /etc/X11

then ls to ensure that you have a file named XF86Config. If it's not there, you'll have to rerun the script xf86config. When we know it's there, type

   pico XF86Config

because pico is, for newbies, the most usable editor on the machine for now. If you have a mouse with a scrolling wheel, we'll need to let the system know that. Scroll down to the section that says

# ***********************************
# Core Pointer's InputDevice section
# ***********************************

where you see the line

    Option "Device" "/dev/sysmouse"

and just below it, add this line

    Option "ZAxisMapping" "4 5"

making sure the indentation on this line matches the others. Next, if you have a graphics card that can put the monitor to sleep when you are away from the computer, scroll down to the section that says

# ************************
# Graphics device section
# ************************

and look for these lines

Section "Device"
    Identifier
    Driver

and add this line

    Option      "DPMS"

Most other settings you might want to change depend too much on your specific situation, so you'll need to do the research for things like adding TrueType fonts, which X server modules you want to run with your hardware, and so forth. For now, read the help lines at the bottom of the screen in the pico editor to learn that you can save the file by typing CTRL+O ("write Out") and close the editor with CTRL+X ("eXit") -- in typing notation, the caret (^) is shorthand for the CTRL key.

Now we are ready to try out the GUI. Still logged in as root, simply type startx and ENTER. Whatever desktop you've chosen as your default should start. You probably won't have sound working yet. It's not so complicated that a newbie can't figure it out, but there are too many variables to deal with here. As a part of your initiation into the world of FreeBSD, I'll direct you to the FreeBSD Handbook that comes with your system. It comes in several languages, but the English version is found here:

/usr/share/doc/en_US.ISO8859-1/books/handbook/index.html

Since I am assuming you are running KDE, all you need to do is open the Konqueror browser and type that line in the location bar and hit ENTER. Scroll down the index page to section 16 for Multimedia and read about setting up sound cards. As for setting up KDE, just running it for the first time you will be introduced to a setup wizard that should handle most issues.

System Mail

One of the most important tasks for managing your own system is to learn to read system mail. Every Open Source operating system uses this. If you ignored my advice and did not install postfix, you already have a system working, called sendmail. However, you should not attempt to use this for sending mail to the outside world -- it's too complicated for us mere mortals. If you took my advice and installed postfix, we'll need to do a little work to get it ready. In a later article I will explain how to use it for sending mail on the Internet, but for now we have to make sure it's ready to run internally. There is a great deal of debate within the BSD community about this, but the typical method is to completely displace the old sendmail system by running postfix under a pseudonym of "sendmail."

Here we also learn to use a GUI editor, Kedit. Look for it in the KDE menu system under "Editors" and click on the name. You'll need to set it up to suit you, by clicking the "Settings" in the menu bar and selecting the last option, "Configure Kedit." Check each option and make adjustments; it's all pretty self-explanatory. The most likely issue everyone wants to adjust is the font size. When you are finished, click the "OK" button. Now, click the icon in the toolbar at the top that looks like a folder and open the file finder utility. On the upper right-hand side of this is an entry box with a drop down arrow at the far right end. Click the arrow and choose "Root Directory," then navigate into the "etc" directory. Look for a file named rc.conf and open it.

This is the master config file for the whole system. Get the format wrong and your machine may not boot. The main thing to remember is that each entry has the same format: an option name, an equal sign (=) and quotation marks surrounding the variables for that option. Be sure to have the quotation marks before and after.

What follows is a quick and dirty method, and if you really want to understand what the options mean, you'll need to read the FreeBSD Handbook a great deal. For now, you'll have to trust me. Make sure this rc.conf file has the following lines in it:

hostname="name.local.bsd"
kern_securelevel_enable="NO"
linux_enable="YES"
nfs_reserved_port_only="YES"
sendmail_enable="YES"
sendmail_flags="-bd"
sendmail_outbound_enable="NO"
sendmail_submit_enable="NO"
sendmail_msp_queue_enable="NO"
sshd_enable="YES"
usbd_enable="YES"
network_interfaces="lo0 ppp0 tun0"
firewall_enable="YES"
firewall_script="/etc/firewall.conf"
firewall_logging="YES"
syslogd_enable="YES"
ifconfig_tun0=
router_enable="NO"

The first four lines should already be just fine; it's the items following that matter. Yes, that line with ifconfig_tun0 is the exception, with no variable and no quotation marks. Save the file and close it, but not Kedit. Now let's open the file named /etc/mail/mailer.conf. Look at the file; it should have lines like this:

sendmail /usr/local/sbin/sendmail
send-mail /usr/local/sbin/sendmail
mailq /usr/local/sbin/sendmail
newaliases /usr/local/sbin/sendmail
#hoststat /usr/local/sbin/sendmail
#purgestat /usr/local/sbin/sendmail

The last two may not be there, and it won't matter. If they say anything else, change them to match those above. Save and close the file. Now open another file: /usr/local/etc/postfix/aliases. Near the top of this file is a line that says:

# Person who should get root's mail. Don't receive mail as root!

The next line should say root: and a space followed by your user account name. Mine is "jeh" so it looks like this:

root: jeh

This way, any mail the system sends to root will come to my user account. Once you have logged into your user account, at least once each day, you should open a Konsole window (there's at least one icon somewhere on the toolbar for it, or you can find it in the menu under "System") and type the command pine and you should be able to figure it out from there. Pine puts the command options at the bottom of the screen, and flashes information just above it. Pine has all sorts of configuration options; just read the menu system carefully and see what's offered. For now, it's ready to read system mail as is.
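
A quick way to check the rc.conf format rule from earlier in this section before you reboot. This is an added example, not part of the original article; the function name check_rc_conf and the sample file are made up for illustration.

```sh
#!/bin/sh
# check_rc_conf FILE: report lines that break the name="value" rule.
# Returns 0 if the file is clean, 1 otherwise. Nothing in FILE is executed.
check_rc_conf() {
    file=$1
    # rc.conf is read by /bin/sh, so a parse-only pass (-n) catches an
    # unbalanced quotation mark, which swallows every line after it.
    if ! sh -n "$file" 2>/dev/null; then
        echo "$file: shell syntax error (unbalanced quote?)"
        return 1
    fi
    # Accept: blank lines, comments, name="value", and the bare
    # name=  form the article uses for ifconfig_tun0.
    bad=$(grep -n -v -E \
        -e '^[[:space:]]*(#.*)?$' \
        -e '^[A-Za-z_][A-Za-z0-9_]*="[^"]*"[[:space:]]*(#.*)?$' \
        -e '^[A-Za-z_][A-Za-z0-9_]*=[[:space:]]*$' "$file" || true)
    if [ -z "$bad" ]; then
        return 0
    fi
    echo "$bad"
    return 1
}

# Constructed sample input (not a real system file): line 2 has no
# quotation marks and line 4 has spaces around the equal sign.
sample=$(mktemp /tmp/rcconf.XXXXXX)
cat > "$sample" <<'EOF'
hostname="name.local.bsd"
sendmail_enable=YES
ifconfig_tun0=
firewall_enable = "YES"
EOF
check_rc_conf "$sample" || echo "fix the lines listed above before rebooting"
rm -f "$sample"
```

On a real system, run it as check_rc_conf /etc/rc.conf after saving the file in Kedit.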

Firewall

While FreeBSD is one of the most secure systems on the Internet, you still need to take normal precautions to prevent attacks. One of those is to set up a firewall. For now, I'm going to offer a premade firewall that has been put together with expert help. Copy it verbatim; cut and paste what's between the dashed lines. You can make refinements when you learn more about it. Remember, this is specifically designed for dialup users:

---------------------------------------------------------------
# Define the firewall command (as in /etc/rc.firewall) for easy
# reference.  Helps to make it easier to read.
fwcmd="/sbin/ipfw"

# Force a flushing of the current rules before we reload.
${fwcmd} -f flush

# Allow all data from my network card and localhost.
${fwcmd} add allow ip from any to any via lo0

# Allow all connections that I initiate.
${fwcmd} add allow tcp from any to any out xmit tun0 setup
${fwcmd} add allow tcp from any to any out xmit ppp0 setup

# Once connections are made, allow them to stay open.
${fwcmd} add allow tcp from any to any via tun0 established
${fwcmd} add allow tcp from any to any via ppp0 established

# This sends a RESET to all ident packets.
${fwcmd} add reset log tcp from any to any 113 in recv tun0
${fwcmd} add reset log tcp from any to any 113 in recv ppp0

# Allow outgoing DNS queries ONLY to the specified servers.
${fwcmd} add allow udp from any to xxx.xx.xxx.xx 53 out xmit tun0
${fwcmd} add allow udp from any to xxx.xx.xxx.xx 53 out xmit tun0
${fwcmd} add allow udp from any to xxx.xx.xxx.xx 53 out xmit tun0
${fwcmd} add allow udp from any to xxx.xx.xxx.xx 53 out xmit ppp0
${fwcmd} add allow udp from any to xxx.xx.xxx.xx 53 out xmit ppp0
${fwcmd} add allow udp from any to xxx.xx.xxx.xx 53 out xmit ppp0

# Allow them back in with the answers... :)
${fwcmd} add allow udp from xxx.xx.xxx.xx 53 to any in recv tun0
${fwcmd} add allow udp from xxx.xx.xxx.xx 53 to any in recv tun0
${fwcmd} add allow udp from xxx.xx.xxx.xx 53 to any in recv tun0
${fwcmd} add allow udp from xxx.xx.xxx.xx 53 to any in recv ppp0
${fwcmd} add allow udp from xxx.xx.xxx.xx 53 to any in recv ppp0
${fwcmd} add allow udp from xxx.xx.xxx.xx 53 to any in recv ppp0

# Enable ICMP. Type 8 (echo request) is not in this list, so the host
# will not answer pings; add 8 to the list if you want it to be pingable.
${fwcmd} add allow icmp from any to any icmptypes 0,3,11,12,13,14

# Deny all the rest.
${fwcmd} add drop log ip from any to any
---------------------------------------------------------------

You must make changes in this file! In the bottom half of the file, I have replaced the DNS addresses provided by my ISP with Xs. You must replace the Xs with the IP addresses of your own DNS servers. Notice that there are three of each entry that end in tun0 and ppp0 -- you may have only one or two IP addresses provided by your ISP. They are the only ones who can give you this information. Ask for the IP addresses of their DNS servers. However, you must have duplicate information for the tun0 version and the ppp0 version. We will discuss why later. Make sure the number 53 appears in each line where you see it in the example above. Save this file as /etc/firewall.conf.
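
Since every DNS server needs the same pair of rules for both tun0 and ppp0, the lines can be generated from the nameserver entries in a resolv.conf-style file (the file created in the next step) instead of typed by hand. This is an added example, not part of the original firewall script; the function name dns_rules is made up, and the sample addresses are constructed from documentation ranges.

```sh
#!/bin/sh
# dns_rules RESOLV_CONF: print the DNS allow rules for every nameserver
# line in RESOLV_CONF, once for tun0 and once for ppp0. Dry run only: it
# prints ipfw rule lines and never calls /sbin/ipfw itself.
dns_rules() {
    awk '$1 == "nameserver" { print $2 }' "$1" | while read -r ip; do
        # Refuse anything that is not in dotted-quad form, such as a
        # leftover xxx.xx.xxx.xx placeholder.
        if ! printf '%s\n' "$ip" | grep -q -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
            echo "skipped invalid nameserver: $ip" >&2
            continue
        fi
        for ifc in tun0 ppp0; do
            printf '%s\n' "\${fwcmd} add allow udp from any to $ip 53 out xmit $ifc"
            printf '%s\n' "\${fwcmd} add allow udp from $ip 53 to any in recv $ifc"
        done
    done
}

# Constructed sample input: documentation-range addresses plus one
# placeholder that was never filled in.
sample=$(mktemp /tmp/resolv.XXXXXX)
cat > "$sample" <<'EOF'
domain something.net
nameserver 192.0.2.1
nameserver xxx.xx.xxx.xx
nameserver 198.51.100.7
EOF
dns_rules "$sample"
rm -f "$sample"
```

The printed lines take the place of the twelve DNS lines in the firewall file, and the skipped-address warning on stderr shows any placeholder that still needs a real IP address.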

Two more Internet connection issues. Go to /etc/ppp and see if there is a file named options. If not, create one with a single word in it: noauth. Now go up one directory to /etc and open/create one more file named resolv.conf. In this file, there must be at least two lines. The first one should read domain followed by a space and the name of your ISP: something.net for example. The next line(s) should be the word nameserver followed by the IP address of your ISP's DNS servers. It should look something like this:

domain something.net
nameserver xxx.xx.xxx.xx
nameserver xxx.xx.xx.xxx

Save and close. Now is the time to reboot. Look for the logout button in the menu of KDE, and log out of the GUI. At the command line type this:

shutdown -r now

When all is done, it should come back up to the command line. Log into your user account this time, then startx. In KDE, you can open the KPPP utility from the menu, under "Internet" and follow the instructions to set it up. Unless you are using one of several national ISPs, you will want to avoid the setup wizard. It is now safe to connect to the Internet.

The next article will deal with adding a few important programs not included with the Install CD.

Addendum

It has come to my attention that, based on various factors in setting up your X configuration, you may have a section left out of the XF86Config file mentioned above. This would be the font paths, which are needed for some applications that run somewhat older-style interfaces. There are some dozen or so major interface frameworks for displaying in the X server, and each one has its own set of peculiarities. If every application you run comes from KDE or Gnome 2/Gtk2, you won't notice this at all. However, if you run anything that relies on the Gnome 1 interface (aka Gtk1), Tcl/Tk, or the Motif interface, for example, you will have a problem, because the fonts won't be available to them.

The problem has to do with how the fonts are passed to your X server. Without going into too much detail, it's sufficient to explain here that the modern X server has a component called "Xft" that helps improve the font display in most cases. However, Motif (among others) does not use this component. The configuration of Xft is done automatically when you install FreeBSD. However, getting the fonts to display in the X server directly -- without Xft -- is often not set up.

To do this manually is really quite simple. In your XF86Config, look for a pair of lines like this:

Section "Files"
EndSection

In between those two lines should be listed all the places where your system has fonts that will work with the X server. The shortest answer is to write those lines in by hand. The format isn't that mysterious. When you are finished, it should look something like this:

Section "Files"
     FontPath "/usr/X11R6/lib/X11/fonts/TTF/"
     FontPath "/usr/X11R6/lib/X11/fonts/misc/"
     FontPath "/usr/X11R6/lib/X11/fonts/100dpi/"
     FontPath "/usr/X11R6/lib/X11/fonts/75dpi/"
     FontPath "/usr/X11R6/lib/X11/fonts/Type1/"
     FontPath "/usr/X11R6/lib/X11/fonts/CID/"
     FontPath "/usr/X11R6/lib/X11/fonts/Speedo/"
     FontPath "/usr/local/share/ghostscript/fonts/"
EndSection

The primary reason for not automatically doing this in the first place was to prevent having each font listed twice when you are selecting from a font list in KDE or Gnome 2. Some coders felt this was confusing to users. However, it sadly keeps users from having access to fonts for applications not designed specifically for KDE or Gnome 2.

[Corrections gratefully received.]



Ed Hurst is Associate Editor of Open for Business. Ed is also the Music Director for Grace Baptist Church of Kickapoo Creek, Texas. He loves computers, runs FreeBSD and GNU/Linux, and reads all sorts of things. You can reach Ed at ehurst@ofb.biz.