November 21st, 2003, 14:48
Desktop FreeBSD Part 2: Initial Setup
Ed Hurst 20 November 2003

================================================== ======================

There are several tasks to which we must attend before actually making use of our freshly installed FreeBSD system. Immediately upon reboot, you will find yourself in the console. While it is possible to setup and use the graphical login managers -- kdm, gdm or others -- it is important to note that this uses extra resources. One of our assumptions is that you might not have all that excess horsepower, so we'll stick with the console login for now.

The prompt says "login" and we need to work as root for awhile, so type "root" and ENTER, then enter the password -- nothing will display, so you have to really get it nailed down in your mind. Hit ENTER and prepare to work for awhile from the console/CLI.


First, let's visit the X server setup. The command "cd" means "change directory", so type at the prompt:

cd /etc/X11

then "ls" (list) to ensure that you have a file named "XF86Config". If it's not there, you'll have to rerun the script "xf86config". When we know it's there, type

pico XF86Config

because pico is for newbies the most usable editor on the machine for now. If you have a mouse with a scrolling wheel, we'll need to let the system know that. Scroll down to the section that says

# ***********************************
# Core Pointer's InputDevice section
# ***********************************

where you see the line

Option "Device" "/dev/sysmouse"

and just below it, add this line

Option "ZAxisMapping" "4 5"

making sure the indentation on this line matches the others. Next, if you have a graphics card that can put the monitor to sleep when you are away from the computer, scroll down to the section that says

# ************************
# Graphics device section
# ************************

and look for these lines

Section "Device"

and add this line

Option "DPMS"

Most other settings you might want to change depend too much on your specific situation, so you'll need to do the research for things like adding TrueType fonts, which X server modules you want to run with your hardware, and so forth. For now, read the help lines at the bottom of the screen in the pico editor to learn that you can save the file by typing CTRL+O ("write Out") and close the editor with CTRL+X ("eXit") -- in typing notation, the caret (^) is shorthand for the CTRL key.

Now we are ready to try out the GUI. Still logged in as root, simply type "startx" and ENTER. Whatever desktop you've chosen as your default
should start. You probably won't have sound working yet. It's not so complicated that a newbie can't figure it out, but there are too many variables to deal with here. As a part of your initiation into the world of FreeBSD, I'll direct you to the =FreeBSD Handbook= that comes with your system. It comes in several languages, but the English version is found here:


Since I am assuming you are running KDE, all you need to do is open the Konqueror browser and type that line in the location bar and hit ENTER. Scroll down the index page to section 16 for Multimedia and read about setting up sound cards. As for setting up KDE, just running it for the first time you will be introduced to a setup wizard that should handle most issues. Other options can be found in the KDE menu, under "Settings" where you will find the "Control Center." Explore it's options and experiement. Then do the same for your user account later.


One of the most important tasks for managing your own system is to learn to read system mail. Every Open Source operating system uses this. If you ignored my advice and did not install postfix, you already have a system working, called sendmail. However, you should not attempt to use this for sending mail to the outside world -- it's too complicated for us mere mortals. If you took my advice and installed postfix, we'll need to do a little work to get it ready. In a later article I will explain how to use it for sending mail on the Internet, but for now we have make sure it's ready to run internally. There is a
bit of debate within the BSD community about this, but the typical method is to completely displace the old sendmail system and by running postfix under a pseudonym of "sendmail".

Here we also learn to use a GUI editor: Kedit. Look for it in the KDE menu system under "Editors" and click on the name. You'll need to set it up to suit you, by clicking the "Settings" in the menu bar and selecting the last option, "Configure Kedit". Check each option and make adjustments; it's all pretty self-explanatory. The most likely issue everyone wants to adjust is the font size. When you are finished, click the "OK" button. Now, click the icon in the toolbar at the top that looks like a file folder and open the file finder utility. On the upper right-hand side of this is an entry box with a drop down arrow at the far right end. Click the arrow and choose "Root Directory", then navigate into the "etc" directory. Look for a file named "rc.conf" and open it.

This is the master config file for the whole system. Get the format wrong and your machine may not boot. The main thing to remember is that each entry has the same format: an option name, an equal sign (=) and quotation marks surrounding the variables for that option. Be sure to have the double quotation marks before and after.

What follows is a quick and dirty method, and if you really want to understand what the options mean, you'll need to read the =FreeBSD Handbook= a great deal. For now, you'll have to trust me. Make sure your rc.conf file has the following lines in it:

network_interfaces="lo0 ppp0 tun0"

The first four lines should already be just fine; it's the items following that matter. Yes, that line with "ifconfig_tun0" is the exception, with no variable and no quotation marks. Save the file and close it, but not Kedit. Now lets open the file named /etc/mail/mailer.conf. Look at the file; it should have lines like this:

sendmail /usr/local/sbin/sendmail
send-mail /usr/local/sbin/sendmail
mailq /usr/local/sbin/sendmail
newaliases /usr/local/sbin/sendmail
#hoststat /usr/local/sbin/sendmail
#purgestat /usr/local/sbin/sendmail

The last two may not be there, and it won't matter. If they say anything else, change them to match those above. Save and close the file. Now open another file: /usr/local/etc/postfix/aliases. Near the top of this file is a line that says:

# Person who should get root's mail. Don't receive mail as root!

The next line should say "root:" and a space followed by your user account name. Mine is "jeh" so it looks like this:

root: jeh

This way, any mail the system sends to root will come to my user account. Once you have logged into your user account, at lease once each day, you should open a Konsole window (there's at least one icon somewhere on the toolbar for it, or you can find it in the menu under "System") and type the command "pine" and you should be able to figure it out from there. Pine puts the command options at the bottom of the screen, and flashes information just above that. Pine has all sorts of configuration options; just read the menu system carefully and see what's offered. For now, it's ready to read system mail as is.


While FreeBSD is one of the most secure systems on the Internet, you still need to take normal precautions to prevent attacks. One of those is to setup a firewall. For now, I'm going to offer a pre-made firewall that has been put together with expert help. Copy it verbatim; cut and paste what's between the dashed lines. You can make refinements when you learn more about it. Remember, this is specifically designed for dialup users:

# Define the firewall command (as in /etc/rc.firewall) for easy
# reference. Helps to make it easier to read.

# Force a flushing of the current rules before we reload.
${fwcmd} -f flush

# Allow all data from my network card and localhost.
${fwcmd} add allow ip from any to any via lo0

# Allow all connections that I initiate.
${fwcmd} add allow tcp from any to any out xmit tun0 setup
${fwcmd} add allow tcp from any to any out xmit ppp0 setup

# Once connections are made, allow them to stay open.
${fwcmd} add allow tcp from any to any via tun0 established
${fwcmd} add allow tcp from any to any via ppp0 established

# This sends a RESET to all ident packets.
${fwcmd} add reset log tcp from any to any 113 in recv tun0
${fwcmd} add reset log tcp from any to any 113 in recv ppp0

# Allow outgoing DNS queries ONLY to the specified servers.
${fwcmd} add allow udp from any to xxx.xx.xxx.xx 53 out xmit tun0
${fwcmd} add allow udp from any to xxx.xx.xxx.xx 53 out xmit tun0
${fwcmd} add allow udp from any to xxx.xx.xxx.xx 53 out xmit tun0
${fwcmd} add allow udp from any to xxx.xx.xxx.xx 53 out xmit ppp0
${fwcmd} add allow udp from any to xxx.xx.xxx.xx 53 out xmit ppp0
${fwcmd} add allow udp from any to xxx.xx.xxx.xx 53 out xmit ppp0

# Allow them back in with the answers...
${fwcmd} add allow udp from xxx.xx.xxx.xx 53 to any in recv tun0
${fwcmd} add allow udp from xxx.xx.xxx.xx 53 to any in recv tun0
${fwcmd} add allow udp from xxx.xx.xxx.xx 53 to any in recv tun0
${fwcmd} add allow udp from xxx.xx.xxx.xx 53 to any in recv ppp0
${fwcmd} add allow udp from xxx.xx.xxx.xx 53 to any in recv ppp0
${fwcmd} add allow udp from xxx.xx.xxx.xx 53 to any in recv ppp0

# Enable ICMP: remove type 8 if you don't want your host to be pingable
${fwcmd} add allow icmp from any to any icmptypes 0,3,11,12,13,14

# Deny all the rest.
${fwcmd} add drop log ip from any to any

YOU MUST MAKE CHANGES IN THIS FILE! In the bottom half of the file, I have replaced the DNS addresses provided by my ISP with Xs. You must replace the Xs with the IP addresses of your own DNS servers. Notice that there are three of each entry that end in "tun0" and "ppp0" -- you may not have but one or two IP addresses provided by your ISP. They are the only ones who can give you this information. Ask for the IP addresses of their DNS servers. However, you must have duplicate information for the "tun0" version and the "ppp0" version. We will discuss why later. Make sure the number "53" appears in each line where you see it in the example above. Save this file as /etc/firewall.conf.

Two more Internet connection issues. Go to /etc/ppp and see if there is file named "options". If not, create one with a single word in it: noauth. Now go up one directory to /etc and open/create one more file named "resolv.conf". In this file, there must be at least two lines. The first one should read "domain" followed by a space and the name of your ISP: "something.net" for example. The next line(s) should be the word "nameserver" followed by the IP address of your ISP's DNS servers. It should look something like this:

domain something.net
nameserver xxx.xx.xxx.xx
nameserver xxx.xx.xx.xxx

Save and close. Now is the time to reboot. Look for the logout button in the menu of KDE, and logout of the GUI. At the command line type this:

shutdown -r now

When all is done, it should come back up to the command line. Log into your user account this time, then startx. In KDE, you can open the KPPP utility from the menu, under "Internet" and follow the instructions to set it up. Unless you are using one of several national ISPs, you will want to avoid the setup wizard. It is now safe to connect to the Internet.

=The next article will deal with adding a few important programs not included with the Install CD.=

Corrections gratefully received.

November 21st, 2003, 15:31
Most excellent install how-to/s, bumbler! :D Sure would have been great to have had these in hand on the first couple a rounds of installs here. Got a 5.1 FreeBSD box going, but having a nasty time (of course) with printing :( Wondered what words of wisdom that you (or other SE/s that are less on the newb side of things than me) might have on printing. Tried the instructions (down to the last jot/tittle) in the Handbook (2nd), Lehey's book, and Anderson's book..................actually did get the machine to talk to the printer (HP6P, not a postscript, parallel not serial--have the right drivers and all), but either it spit out blank paper, printed one/two lines of text, or was dog slow (printed the whole thing, but one page of text and a .gif took 3 minutes and more). Got a brandy new IEEE cable, but same results on the speed. Tried the CUPS how-to that petie put-up in the how-to section that was from the freebsdforum site, but got a lot of errors (just like what ticktock said in his reply). I need to print from a stand-alone workstation, so looks like apsfilter is the way to go. The printing is pretty much keeping me from migrating almost everything (except one Windows program that just will not run in any flavor WINE or VMWare) to the FreeBSD box. Know you probably need more specific info--but hoping someone could maybe put me ia little closer to the ballpark or maybe even in the ballpark. :wink:

November 21st, 2003, 20:19
I have had really good fortune in that respect. I've never owned anything except Epson, which became a bit of a standard that other printers emulated for a time. All I know is this: the last time I got printing set up, I used apsfilter and it worked fine on my Epson Color Stylus 860. I've used apsfilter before, so I knew what to look for, and etc. I haven't touched it yet on this latest install. I'm going to try CUPS first. I'll let you know if I stumble across something for you.

That said, I'll never buy another Epson again. Their new policy (copied by others) with smart ink cartridges infuriates me. When this breaks, if I haven't gotten something really good, I'll be going back to dot-matrix. At least I can afford the ink ribbons.

As for being "less of a newbie" -- that's a matter of opinion. I'm a seasoned Linux user, but never any kind of guru. I just happen to be able to write pretty well, and make it sound like I really know what I'm talking about... :wink:


November 21st, 2003, 21:05
Thanks, bumbler.................gonna try the apsfilter again with the nice new IEEE cable I got today. I hang on to old HP6P even though it old, as its been a workhorse and just won't die. If I get the thing working, I will write something for a how-to for others with old HPs.

November 22nd, 2003, 09:56
Wondered what words of wisdom that you (or other SE/s that are less on the newb side of things than me) might have on printing.
Two key words: laser, Postscript.

If you can't afford one, at least get the other.

Unless you really, really need colour, get an inexpensive b&w laser printer. The economics are good now compared to bubble/inkjets. These can be had brand-new for $500 Can. now, so they must be around $250 US. The toner lasts for 6000 sheets (possibly all you'll ever print while you own it. :-) Also check used PC places for refurbished lasers. HP Laserjets last (almost) forever.

Inkjet printers are dirt cheap, but the ink and paper costs up to a buck a sheet worst case.

I have an HP Laserjet 4M+ that I bought in 1994 and it's still going strong. It's got ethernet so it's directly on the net. I can spool to it from FreeBSD using stock lpr/lpd. My Windows boxes print to it through Samba.

When we need to print a photo or a colour proof, we use a cheapo Canon Bubblejet (BJC 2000) attached to a Windoze box.

If you get a laser without Postscript, install Ghostscript and create a filter for lpr/lpd that converts Postscript to your laser's language (usually HP Laserjet compatible) and sends that. As of LaserJet III the stream is compressed so you can even talk efficiently to them through a serial link. Interfacing through a USB port would be fantastic too.

Ghostscript has HowTo's on interfacing to lpr/lpd. Perhaps using CUPS makes this easier, I dunno, I never tried it.

November 22nd, 2003, 10:08
[...] was dog slow (printed the whole thing, but one page of text and a .gif took 3 minutes and more).
(missed this on 1st read)

Critical to enable the PCL compression feature. Ghostscript's Laserjet driver includes it. It's been a decade since I last set that up so I don't recall the specifics, but if you dig into the Ghostscript docs you should find it in the HP-LJ readme's.

The thing to remember is that you are creating a bitmap of the entire page and sending that to the printer. At 600 or 1200 DPI, that's a lot of bits. It's no wonder that took a few minutes to send. That's why link-compression is so important.

It's also why Postscript is a much better idea. :-)