Desktop FreeBSD Part 2: Initial Setup
The prompt says login and we need to work as root for
awhile, so type root and ENTER, then enter
the password -- nothing will display, so you have to really get it
nailed down in your mind. Hit ENTER and prepare to work
for awhile from the console/CLI.
Final X Setup
First, let's visit the X server setup. Type at the prompt:
cd /etc/X11
then ls to ensure that you have a file named
XF86Config. If it's not there, you'll have to rerun the
script xf86config. When we know it's there, type
pico XF86Config
because pico is for newbies the most usable editor on the machine for now. If you have a mouse with a scrolling wheel, we'll need to let the system know that. Scroll down to the section that says
# *********************************** # Core Pointer's InputDevice section # ***********************************
where you see the line
Option "Device" "/dev/sysmouse"
and just below it, add this line
Option "ZAxisMapping" "4 5"
making sure the indentation on this line matches the others. Next, if you have a graphics card that can put the monitor to sleep when you are away from the computer, scroll down to the section that says
# ************************ # Graphics device section # ************************
and look for these lines
Section "Device"
Identifier
Driver
and add this line
Option "DPMS"
Most other settings you might want to change depend too much on your
specific situation, so you'll need to do the research for things like
adding TrueType fonts, which X server modules you want to run with your
hardware, and so forth. For now, read the help lines at the bottom of
the screen in the pico editor to learn that you can save the file by
typing CTRL+O ("write Out") and close the editor
with CTRL+X ("eXit") -- in typing notation, the
caret (^) is shorthand for the CTRL key.
Now we are ready to try out the GUI. Still logged in as root, simply
type startx and ENTER. Whatever desktop
you've chosen as your default should start. You probably won't have
sound working yet. It's not so complicated that a newbie can't figure
it out, but there are too many variables to deal with here. As a part
of your initiation into the world of FreeBSD, I'll direct you to the
FreeBSD Handbook that comes with your system. It comes in
several languages, but the English version is found here:
/usr/share/doc/en_US.ISO8859-1/books/ handbook/index.html
Since I am assuming you are running KDE, all you need to do is open the Konqueror browser and type that line in the location bar and hit ENTER. Scroll down the index page to section 16 for Multimedia and read about setting up sound cards. As for setting up KDE, just running it for the first time you will be introduced to a setup wizard that should handle most issues.
System Mail
One of the most important tasks for managing your own system is to
learn to read system mail. Every Open Source operating system uses
this. If you ignored my advice and did not install
postfix, you already have a system working, called
sendmail. However, you should not attempt to use this for
sending mail to the outside world -- it's too complicated for us mere
mortals. If you took my advice and installed postfix, we'll need to do
a little work to get it ready. In a later article I will explain how to
use it for sending mail on the Internet, but for now we have make sure
it's ready to run internally. There is a great deal of debate within
the BSD community about this, but the typical method is to completely
displace the old sendmail system and by running postfix under a
pseudonym of "sendmail."
Here we also learn to use a GUI editor, Kedit. Look for it in the
KDE menu system under "Editors" and click on the name. You'll
need to set it up to suit you, by clicking the "Settings" in
the menu bar and selecting the last option, "Configure
Kedit." Check each option and make adjustments; it's all pretty
self-explanitory. The most likely issue everyone wants to adjust is the
font size. When you are finished, click the "OK" button. Now,
click the icon in the toolbar at the top that looks like a folder and
open the file finder utility. On the upper right-hand side of this is
an entry box with a drop down arrow at the far right end. Click the
arrow and choose "Root Directory," then navigate into the
"etc" directory. Look for a file named rc.conf
and open it.
This is the master config file for the whole system. Get the format wrong and your machine may not boot. The main thing to remember is that each entry has the same format: an option name, an equal sign (=) and quotation marks surrounding the variables for that option. Be sure to have the quotation marks before and after.
What follows is a quick and dirty method, and if you really want to understand what the options mean, you'll need to read the FreeBSD Handbook a great deal. For now, you'll have to trust me. Make sure this rc.conf file has the following lines in it:
hostname="name.local.bsd" nkern_securelevel_enable="NO" linux_enable="YES" nnfs_reserved_port_only="YES" sendmail_enable="YES" nsendmail_flags="-bd" sendmail_outbound_enable="NO" nsendmail_submit_enable="NO" sendmail_msp_queue_enable="NO" nsshd_enable="YES" usbd_enable="YES" network_interfaces="lo0 ppp0 tun0" firewall_enable="YES" firewall_script="/etc/firewall. conf" firewall_logging="YES" syslogd_enable="YES" nifconfig_tun0= router_enable="NO"
The first four lines should already be just fine; it's the items
following that matter. Yes, that line with ifconfig_tun0
is the exception, with no variable and no quotation marks. Save the
file and close it, but not Kedit. Now lets open the file named
/etc/mail/mailer.conf. Look at the file; it should have
lines like this:
sendmail /usr/local/sbin/sendmail send-mail /usr/local/sbin/sendmail mailq /usr/local/sbin/sendmail newaliases /usr/local/sbin/sendmail #hoststat /usr/local/sbin/sendmail #purgestat /usr/local/sbin/sendmail
The last two may not be there, and it won't matter. If they say
anything else, change them to match those above. Save and close the
file. Now open another file:
/usr/local/etc/postfix/aliases. Near the top of this file
is a line that says:
# Person who should get root's mail. Don't receive mail as root!
The next line should say root: and a space followed by
your user account name. Mine is "jeh" so it looks like
this:
root: jeh
This way, any mail the system sends to root will come to my user
account. Once you have logged into your user account, at lease once
each day, you should open a Konsole window (there's at least one icon
somewhere on the toolbar for it, or you can find it in the menu under
"System") and type the command pine and you
should be able to figure it out from there. Pine puts the command
options at the bottom of the screen, and flashes information just above
it. Pine has all sorts of configuration options; just read the menu
system carefully and see what's offered. For now, it's ready to read
system mail as is.
Firewall
While FreeBSD is one of the most secure systems on the Internet, you still need to take normal precautions to prevent attacks. One of those is to setup a firewall. For now, I'm going to offer a premade firewall that has been put together with expert help. Copy it verbatim; cut and paste what's between the dashed lines. You can make refinements when you learn more about it. Remember, this is specifically designed for dialup users:
----------------------------------------- ----------------------
# Define the firewall command (as in /etc/rc.firewall) for easy
# reference. Helps to make it easier to read.
fwcmd="/sbin/ipfw"
# Force a flushing of the current rules before we reload.
${fwcmd} -f flush
# Allow all data from my network card and localhost.
${fwcmd} add allow ip from any to any via lo0
# Allow all connections that I initiate.
${fwcmd} add allow tcp from any to any out xmit tun0 setup
${fwcmd} add allow tcp from any to any out xmit ppp0 setup
# Once connections are made, allow them to stay open.
${fwcmd} add allow tcp from any to any via tun0 established
${fwcmd} add allow tcp from any to any via ppp0 established
# This sends a RESET to all ident packets.
${fwcmd} add reset log tcp from any to any 113 in recv tun0
${fwcmd} add reset log tcp from any to any 113 in recv ppp0
# Allow outgoing DNS queries ONLY to the specified servers.
${fwcmd} add allow udp from any to xxx.xx.xxx.xx 53 out xmit tun0
${fwcmd} add allow udp from any to xxx.xx.xxx.xx 53 out xmit tun0
${fwcmd} add allow udp from any to xxx.xx.xxx.xx 53 out xmit tun0
${fwcmd} add allow udp from any to xxx.xx.xxx.xx 53 out xmit ppp0
${fwcmd} add allow udp from any to xxx.xx.xxx.xx 53 out xmit ppp0
${fwcmd} add allow udp from any to xxx.xx.xxx.xx 53 out xmit ppp0
# Allow them back in with the answers...
${fwcmd} add allow udp from xxx.xx.xxx.xx 53 to any in recv tun0
${fwcmd} add allow udp from xxx.xx.xxx.xx 53 to any in recv tun0
${fwcmd} add allow udp from xxx.xx.xxx.xx 53 to any in recv tun0
${fwcmd} add allow udp from xxx.xx.xxx.xx 53 to any in recv ppp0
${fwcmd} add allow udp from xxx.xx.xxx.xx 53 to any in recv ppp0
${fwcmd} add allow udp from xxx.xx.xxx.xx 53 to any in recv ppp0
# Enable ICMP: remove type 8 if you don't want your host to be pingable
${fwcmd} add allow icmp from any to any icmptypes 0,3,11,12,13,14
# Deny all the rest.
${fwcmd} add drop log ip from any to any
------------------------------------------------------------- --------
You must make changes in this file! In the bottom
half of the file, I have replaced the DNS addresses provided by my ISP
with Xs. You must replace the Xs with the IP addresses of your own DNS
servers. Notice that there are three of each entry that end in
tun0 and ppp0 -- you may not have but one or
two IP addresses provided by your ISP. They are the only ones who can
give you this information. Ask for the IP addresses of their DNS
servers. However, you must have duplicate information for the
tun0 version and the ppp0. version. We will
discuss why later. Make sure the number 53 appears in each
line where you see it in the example above. Save this file as
/etc/firewall.conf.
Two more Internet connection issues. Go to /etc/ppp and
see if there is file named options. If not, create one
with a single word in it: noauth. Now go up one directory
to /etc and open/create one more file named
resolv.conf. In this file, there must be at least two
lines. The first one should read domain followed by a
space and the name of your ISP: something.net for example.
The next line(s) should be the word nameserver followed by
the IP address of your ISP's DNS servers. It should look something like
this:
domain something.net nameserver xxx.xx.xxx.xx nameserver xxx.xx.xx.xxx
Save and close. Now is the time to reboot. Look for the logout button in the menu of KDE, and logout of the GUI. At the command line type this:
shutdown -r now
When all is done, it should come back up to the command line. Log into your user account this time, then startx. In KDE, you can open the KPPP utility from the menu, under "Internet" and follow the instructions to set it up. Unless you are using one of several national ISPs, you will want to avoid the setup wizard. It is now safe to connect to the Internet.
The next article will deal with adding a few important programs not included with the Install CD.
Addendum
It has come to my attention that, based on various factors in setting up your X configuration, you may have a section left out of the XF86Config file mentioned above. This would be the font paths, which are needed for some applications that run somewhat older-style interfaces. There are some dozen or so major interface frameworks for displaying in the X server, and each one has it's own set of peculiarities. If every application you run comes from KDE or Gnome 2/Gtk2, you won't notice this at all. However, if you run anything that relies on the Gnome 1 interface (aka Gtk1), Tcl/Tk, or the Motif interface, for example, you will have a problem, because the fonts won't be available to them.
The problem has to do with how the fonts are passed to your X server. Without going into too much detail, it's sufficient to explain here that the modern X server has a component called "Xft" that helps improve the font display in most cases. However, Motif (among others) does not use this component. The configuration of Xft is done automatically when you install FreeBSD. However, getting the fonts to display in the X server directly -- without Xft -- is often not set up.
To do this manually is really quite simple. In your XF86Config, look for a pair of lines like this:
Section "Files" EndSection
In between those two lines should be listed all the places where you system has fonts that will work with the X server. The shortest answer is to write those lines in by hand. The format isn't that mysterious. When you are finished, it should look something like this:
Section "Files"
FontPath "/usr/X11R6/lib/X11/fonts/TTF/"
FontPath "/usr/X11R6/lib/X11/fonts/misc/"
FontPath "/usr/X11R6/lib/X11/fonts/100dpi/"
FontPath "/usr/X11R6/lib/X11/fonts/75dpi/"
FontPath "/usr/X11R6/lib/X11/fonts/Type1/"
FontPath "/usr/X11R6/lib/X11/fonts/CID/"
FontPath "/usr/X11R6/lib/X11/fonts/Speedo/"
FontPath "/usr/local/share/ghostscript/fonts/"
EndSection
nThe primary reason for not automatically doing this in the first place was to prevent having each font listed twice when you are selecting from a font list in KDE or Gnome 2. Some coders felt this was confusing to users. However, it sadly keeps users from having access to fonts for applications not designed specifically for KDE or Gnome 2.
[Corrections gratefully received.]
Ed Hurst is Associate Editor of Open for Business. Ed is also the Music Director for Grace Baptist Church of Kickapoo Creek, Texas. He loves computers, runs FreeBSD and GNU/Linux, and reads all sorts of things. You can reach Ed at ehurst@ofb.biz.