Beginners Guide - How To Set Up A FreeBSD Desktop From Scratch

Updated to reflect FreeBSD 12.2-RELEASE.
There are several things described in this Beginners Guide that I don't see in the Handbook. So I am confused on what I should follow. I assume I can combine this Beginners Guide with the Handbook. It seems logical, but I am a beginner and don't know what I really need to get the desktop working.

The Handbook is the Official Guide and required reading before asking questions. If you need to ask a question, someone will always be happy to help.

I never look at the Handbook anymore. I keep one laptop running and if I can't remember something exactly will reference my own work. This is how I learned to do it and how I've been doing it for years. I prefer ports and they are what I've always used so if there is a problem I'm comfortable I can resolve it and move on.

I've built 4 different 12.2 machines so far and on 3 there was an issue that prevented portmaster from continuing. Each time I manually installed the port that was the problem using make install clean. Then I was able to restart portmaster and it finished the build from there.
 
Updated to include 3 x11-wm/fluxbox styles of different colors as .txt attachments and instructions how to put them to use, should you so desire.

8ball.txt, bloodflow.txt and electricblue.txt are the theme file names.

I set programs to use the same font for some system-wide symmetry.
 
Updated to reflect steps needed done for a box with Switchable Graphics during the installation of x11/xorg and how to set it correctly in the BIOS before first boot to the desktop.

The example given was for a T400 that has Switchable Graphics with Intel GMA 4500MHD and ATI Mobility Radeon HD 3470 chips to get it to run on the ATI chip.
 
Good job, Trihex. I followed your tutorial...mostly....although I used pkg install instead of make install clean because in previous installs, there would be missing dependencies when compiling from the ports which didn't appear when using the packages. I had zero issues with your tutorial. It is excellent.

Also, I installed MATE after using fluxbox for a bit. As I have mentioned here more than once, I am trying to build a desktop on FreeBSD 12.2-RELEASE-p4 to enable the computo-klutzes in my family to completely dump Billy Gates' offerings. Fluxbox is a bit too simple for those folks.

MATE is working a treat! :)

The only problem I have run into so far is that using your set up for pf made it impossible for CUPS to work. Inputting http:localhost:631 into any browser I had installed (Firefox, Chromium (which I hate), and even Lynx) resulted in all of them returning a timeout, file not found error. I could only get it to work by commenting out of rc.conf all of those lines dealing with pf. I am sure that by correctly tweaking pf, that problem would go away, but I don't know enough yet to fix it.

I printed off all 36 of the man pages dealing with pf, and all the pages from the Handbook dealing with firewalls, although I have not yet had the necessary time to study them even once, let alone 4 or 5 times. ;-)

Since all of the 'pooters I am working with here are "workstations", I am wondering if I even need a firewall on each machine, since our router has a built-in firewall anyway?

Still, since I am a "belt and suspenders" type of tech, I would like to have a decent firewall on each machine. I am tempted to use IPFW.

Ken Gordon
 
Good job, Trihex. I followed your tutorial...mostly....although I used pkg install instead of make install clean because in previous installs, there would be missing dependencies when compiling from the ports which didn't appear when using the packages. I had zero issues with your tutorial. It is excellent.

I'm glad it worked for you. I just built a box from ground up using pkg instead of ports for the first time ever a couple days ago. I won't be changing from ports but it worked very nicely. The only problem was pkg willingly installed a vulnerable version of graphics/jasper and I had to make deinstall clean the old version before building an up-to-date version from ports.

If I read you correctly and you used make install clean all through the build instead of letting ports-mgmt/portmaster build all your 3rd party programs that is where I would say you ended up with missing dependencies.

I was going to have portmaster build jasper from ports but it looked like it was pulling in a lot more than I wanted or thought it needed to. So I used make install clean to build it from ports and watched every minute of it to make sure my T43 wasn't going to overheat.

It still pulled in a lot of dependencies on its own I wouldn't have thought required but I'm pretty sure not as many as portmaster planned on doing because I had already checked off the screens and declined the build.

I've built them from ground up using make install clean and ports-mgmt/portupgrade before I ever used portmaster so it's perfectly OK to do so. You just have to work that kind of thing out by hand and build the dependencies yourself as part of the learning experience.

If you feel more comfortable using Mate you might as well use what you like and think your Family will be able to make the transition over to FreeBSD as seamlessly as possible.

The only problem I have run into so far is that using your set up for pf made it impossible for CUPS to work.

You would catch me when I've been awake all night and the Processor wants to shutdown now. Let me just fix mine to work for you and post it. SirDice can comment on if that's right or not and enough to do it without hosing your ruleset. Or trading pf for ipfw which shouldn't be necessary under any circumstances.

I set it up to use UDP and TCP port 631. If you need to use TCP port 80 over the LAN add it to the "cups_tcp" macro and it should be good to go. Though I have not tried it out myself the syntax should be right if not the configuration.

Edit: And does now that I've made sure of it the next morning after wetware shutdown and should be recopied into /etc/pf.conf, KenGordon. If that did indeed work for you before editing:

Code:
### CUPS_pf_rules_included
### Macro name for external interface
ext_if = "em0"
netbios_tcp = "{ 22, 23, 25, 110, 111, 123, 512, 513, 514, 515, 6000, 6010 }"
netbios_udp = "{ 123, 512, 513, 514, 515, 5353, 6000, 6010 }"

### Allow CUPS to use tcp and udp port 631
cups_tcp = "{  631 }"
cups_udp = "{ 631 }"

### Allow CUPS to be accessible (change to your other machines ifconfig -a LAN designation )
table <local> { 192.168.0.11, 192.168.0.12, 192.168.0.13 }

### Reassemble fragmented packets
scrub in on $ext_if all fragment reassemble

### Default deny everything
block log all

### Pass loopback
set skip on lo0

### Allow LAN to talk to CUPS on your machine
pass in log quick from <local> to any keep state

### Block spooks
antispoof for lo0
antispoof for $ext_if inet
block in from no-route to any
block in from urpf-failed to any
block in quick on $ext_if from any to 255.255.255.255
block in log quick on $ext_if from { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 255.255.255.255/32 } to any

### Block all IPv6
block in quick inet6 all
block out quick inet6 all

### Block to and from port 0
block quick proto { tcp, udp } from any port = 0 to any
block quick proto { tcp, udp } from any to any port = 0

### Block specific ports
block in quick log on $ext_if proto tcp from any to any port $netbios_tcp
block in quick log on $ext_if proto udp from any to any port $netbios_udp

### Allow CUPS to talk to clients on LAN
pass out log on $ext_if proto tcp to any port $cups_tcp keep state
pass out log on $ext_if proto udp to any port $cups_udp keep state

### Keep and modulate state of outbound tcp, udp and icmp traffic
pass out on $ext_if proto { tcp, udp, icmp } from any to any modulate state
 
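The `pass in log quick from <local> to any keep state` rule in the ruleset posted above matches all traffic from the listed LAN hosts, not only printing. The following pf.conf fragment is an added example, not part of the original post: a narrower replacement for that one rule, assuming the `ext_if`, `cups_tcp`, `cups_udp` macros and the `<local>` table are defined exactly as in that ruleset, and that pflog is enabled for the last check.

```pf
### Added example: drop-in replacement for the single rule
###   pass in log quick from <local> to any keep state
### Uses the macros and <local> table from the posted ruleset unchanged.

### Admit only CUPS (port 631) traffic from the listed LAN hosts
pass in log quick on $ext_if inet proto tcp from <local> to any port $cups_tcp keep state
pass in log quick on $ext_if inet proto udp from <local> to any port $cups_udp keep state

### Everything else from <local> now falls through to the later
### "block in log quick on $ext_if from { ... 192.168.0.0/16 ... }" rule.

### Checks to run as root before and after loading:
###   pfctl -nf /etc/pf.conf         parse only, do not load
###   pfctl -f /etc/pf.conf          load the ruleset
###   pfctl -sr                      list the rules actually loaded
###   tcpdump -n -e -ttt -i pflog0   watch packets hitting "log" rules
```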
I've built 4 different 12.2 machines so far and on 3 there was an issue that prevented portmaster from continuing. Each time I manually installed the port that was the problem using make install clean. Then I was able to restart portmaster and it finished the build from there.
No comment... ;)
(Sorry I couldn't resist to add this note)
 
Ha ha! You guys are a real kick! :)

Anyway, thanks Trihex. I must say that your solution to my CUPS issue seems rather involved for what should be such a simple task. Nonetheless, I'll give it a try.

I will say that what I first thought was a CUPS issue at least made me make certain my CUPS install was correct. Anyway, it works just fine now.

Oh. Also I did install and use correctly portmaster.

During my CUPS troubles, I at one time tried to pkg deinstall cups, which resulted in the deinstallation of a ton of other executables, all of which I had to manually reinstall. That was kind of annoying, but simply told me that I didn't know enough....yet.

Ken Gordon
 
Ha ha! You guys are a real kick! :)

Anyway, thanks Trihex. I must say that your solution to my CUPS issue seems rather involved for what should be such a simple task. Nonetheless, I'll give it a try.

I will say that what I first thought was a CUPS issue at least made me make certain my CUPS install was correct. Anyway, it works just fine now.
I'm glad that fixed it. I have never used anything but FTP to establish a remote connection to another box. Not telnet, SSH, rlogin, Xwindows, PCAnywhere, installed a trojan on mine or connected to a machine that isn't on my LAN. Only FTP, so I have always blocked everything.

I don't use or need remote access to my Thinkpad Farm, am not a sharecropper and don't pick no cotton, so I disable it all. I ran a pfSense router though so am familiar with the way networking is generally done. I have more relevant books in .pdf form than I'll ever get read.

I did firewalk a would-be-wiseguy in chat 20 years ago, back when dirt was clean, and he freaked out bigtime when I told him his LAN machine designations. The year I went without cable or Internet, I only wanted to use wi-fi once and not have to go to the library.

I couldn't pick up our hotspot, but The County Courthouse, Sheriff Dept., Police Dept., Federal Building, a couple Churches and a School are all within a 2 block range of Tom Sawyers Townhouse. All using WPS pin, too.

If you're going for a ride, go big or stay home is what Huck always told me. So I spoofed my MAC, took a limo to get my Oh_So_Important_Had_To_Have_It_Now Final Fantasy VI Walkthru, ditched the limo and vanished like Shadow back into the Final Fantasy VI realm.

So did their adhoc hotspot SSID the next day. The funny name gave away who it belonged to anyway and only attracted my attention. My MAC addy got theirs.
 
Now that the change has been made and the ports tree sorted back out everything is back to normal there is no need to change the Tutorial from using portsnap fetch update at this time.

When the next RELEASE version is released with the new methodology for updating ports included in the base system I'll change the Tutorial to remain current with that version.

Right now it isn't broke and I don't fix things till they are. (Advice I often give to people new to FreeBSD.)

That seems to be the easiest way to go about it with minimal editing and still stay current with the version it addresses as installed since that still works as intended.
 
Added my pf CUPS ruleset that allows the machine running cupsd to be accessed by other machines on the LAN:
 
I just discovered yesterday desktop-installer
I could kiss these people who made this tool.

Just install freebsd, then install the tool desktop-installer and run it.
It is an automated desktop installer.

Just made an error clicking too fast and had to run it again so maybe there was a mistake or bug but I had to add manually sddm enabled to rc.conf in order to have kde booting.
 
I just discovered yesterday desktop-installer
I could kiss these people who made this tool.
When did you discover you couldn't do it for yourself?

Just install freebsd, then install the tool desktop-installer and run it.
It is an automated desktop installer.
Yes, sysutils/desktop-installer has been in the ports tree since Jan 31, 2010.
Just made an error clicking too fast and had to run it again so maybe there was a mistake or bug but I had to add manually sddm enabled to rc.conf in order to have kde booting.
You may benefit from their sysutils/auto-admin program as well.

From your link:
Unless your goal is to learn how to integrate the components of a Unix desktop environment, manual configuration would not be a good use of your valuable time.

That's what you'll be missing out on using it.

There are some important issues that new FreeBSD users are unlikely to know about, such as ensuring that your ports tree and packages are in sync, how to correctly configure devd, sound devices and graphics drivers, to name a few.

When you get their desktop set up, show us the relevant system and security files so I can see how they compare to the ones I outline in my Tutorial.

It's not for everybody, so don't feel bad. My own Sister admits she couldn't follow it.
She works at a computer all day in the billing Dept. of a State Facility and only knows the Program she uses.

When it breaks down she calls somebody to come fix it for her, like the people who can follow it.

Who you gonna call?
GhostBuSteD?
 
I'd like to subscribe here since I am going to switch to FreeBSD in the very next few days.

p.s. I think that ipfw is better for a basic firewall protection.
 
There's a saying that in Unix, there's always more than one way to do things. The corollary is Yeah, and someone will think your way is stupid. :)
Trihex is saying his way is *the* way, it is *a* way that will help people new to FreeBSD get started with a working desktop solution.
 
There's a saying that in Unix, there's always more than one way to do things. The corollary is Yeah, and someone will think your way is stupid. :)
Trihex is saying his way is *the* way, it is *a* way that will help people new to FreeBSD get started with a working desktop solution.
Damn, this is a good one. 😩 My sentiments exactly. Yeah, some methods do have their drawbacks. The challenge here is to be professional enough to recognize the drawbacks, have a technical solution for them, and to avoid personal attacks by calling other methods stupid.
 
I'd like to subscribe here since I am going to switch to FreeBSD in the very next few days.

p.s. I think that ipfw is better for a basic firewall protection.
What are you basing your opinion on?

How long have you used pf and ipfw on a box to compare them?

I used ipfw on Solaris before pf became available on that platform.

I've used pf since becoming a beta tester for PC-BSD in June 2005 and personally prefer it. I carried my pf port 0 rule over from Win98 Conseal PC Firewall ruleset, so I have a long history of using rule-based firewalls.

Wow, I left out an important word. I *meant* to say "Trihex is *not* saying his way is the way." Sorry. (Though I don't pretend to speak for him, either).
What I am saying is that this is the way I install FreeBSD on my laptops line for line and it works for me every time.

I have 4 laptops running FreeBSD and know I'm going to end up with a stable build I compiled from the ground up on each one.

It originally started out as notes to myself so I wouldn't forget how and I've supplemented and updated it regularly to improve it.

I compile all 3rd party programs from ports, portsnap fetch extract and portsnap fetch update work just like they always have. I have yet to have to use a GIT client and there is no need to change the tutorial till I do.
 