Configuration of various options follows the successful installation. An option can be configured by re-entering the configuration options before booting the new FreeBSD system or after installation using sysinstall and selecting .
If you previously configured PPP for an FTP install, this screen will not display and can be configured later as described above.
For detailed information on Local Area Networks and configuring FreeBSD as a gateway/router refer to the Advanced Networking chapter.
To configure a network device, select and press Enter. Otherwise, select to continue.
Select the interface to be configured with the arrow keys and press Enter.
In this private local area network, the current Internet type protocol (IPv4) was sufficient and was selected with the arrow keys and Enter pressed.
If you are connected to an existing IPv6 network with an RA server, then choose and press Enter. It will take several seconds to scan for RA servers.
If DHCP (Dynamic Host Configuration Protocol) is not required select with the arrow keys and press Enter.
Selecting will execute dhclient, and if successful, will fill in the network configuration information automatically. Refer to Section 30.5, “Automatic Network Configuration (DHCP)” for more information.
The following Network Configuration screen shows the configuration of the Ethernet device for a system that will act as the gateway for a Local Area Network.
Use Tab to select the information fields and fill in appropriate information:
The fully-qualified hostname, such as k6-2.example.com in this case.
The name of the domain that your machine is in, such as example.com for this case.
IP address of host forwarding packets to non-local destinations. You must fill this in if the machine is a node on the network. Leave this field blank if the machine is the gateway to the Internet for the network. The IPv4 Gateway is also known as the default gateway or default route.
IP address of your local DNS server. There is no local DNS server on this private local area network so the IP address of the provider's DNS server (208.163.10.2) was used.
The IP address to be used for this interface was 192.168.0.1.
The address block being used for this local area network is 192.168.0.0 - 192.168.0.255 with a netmask of 255.255.255.0.
Any interface-specific options to ifconfig you would like to add. There were none in this case.
Use Tab to select when finished and press Enter.
Choosing and pressing Enter will bring the machine up on the network and be ready for use. However, this does not accomplish much during installation, since the machine still needs to be rebooted.
If the machine will be acting as the gateway for a local area network and forwarding packets between other machines then select and press Enter. If the machine is a node on a network then select and press Enter to continue.
If is selected, various services such as telnetd will not be enabled. This means that remote users will not be able to telnet into this machine. Local users will still be able to access remote machines with telnet.
These services can be enabled after installation by editing /etc/inetd.conf with your favorite text editor. See Section 30.2.1, “Overview” for more information.
Select if you wish to configure these services during install. An additional confirmation will display:
Select to continue.
Selecting will allow adding services by deleting the # at the beginning of a line.
After adding the desired services, pressing Esc will display a menu which will allow exiting and saving the changes.
Selecting will enable sshd(8), the daemon program for OpenSSH. This will allow secure remote access to your machine. For more information about OpenSSH see Section 15.10, “OpenSSH”.
Selecting the default and pressing Enter will still allow users who have accounts with passwords to use FTP to access the machine.
Anyone can access your machine if you elect to allow anonymous FTP connections. The security implications should be considered before enabling this option. For more information about security see Chapter 15, Security.
To allow anonymous FTP, use the arrow keys to select and press Enter. An additional confirmation will display:
This message informs you that the FTP service will also have to be enabled in /etc/inetd.conf if you want to allow anonymous FTP connections; see Section 3.10.3, “Configure Internet Services”. Select and press Enter to continue; the following screen will display:
Use Tab to select the information fields and fill in appropriate information:
The user ID you wish to assign to the anonymous FTP user. All files uploaded will be owned by this ID.
Which group you wish the anonymous FTP user to be in.
String describing this user in /etc/passwd.
Where files available for anonymous FTP will be kept.
Where files uploaded by anonymous FTP users will go.
The FTP root directory will be put in /var by default. If you do not have enough room there for the anticipated FTP needs, the /usr directory could be used by setting the FTP root directory to /usr/ftp.
When you are satisfied with the values, press Enter to continue.
If you select and press Enter, an editor will automatically start allowing you to edit the message.
This is a text editor called ee. Use the instructions to change the message or change the message later using a text editor of your choice. Note the file name/location at the bottom of the editor screen.
Press Esc and a pop-up menu will default to . Press Enter to exit and continue. Press Enter again to save changes if you made any.
Network File System (NFS) allows sharing of files across a network. A machine can be configured as a server, a client, or both. Refer to Section 30.3, “Network File System (NFS)” for more information.
If there is no need for a Network File System server, select and press Enter.
If is chosen, a message will pop up indicating that the exports file must be created.
Press Enter to continue. A text editor will start allowing the exports file to be created and edited.
Use the instructions to add the actual exported filesystems now or later using a text editor of your choice. Note the file name/location at the bottom of the editor screen.
Press Esc and a pop-up menu will default to . Press Enter to exit and continue.
There are several options available to customize the system console.
To view and configure the options, select and press Enter.
A commonly used option is the screen saver. Use the arrow keys to select and then press Enter.
Select the desired screen saver using the arrow keys and then press Enter. The System Console Configuration menu will redisplay.
The default time interval is 300 seconds. To change the time interval, select again. At the Screen Saver Options menu, select using the arrow keys and press Enter. A pop-up menu will appear:
The value can be changed, then select and press Enter to return to the System Console Configuration menu.
Selecting and pressing Enter will continue with the post-installation configurations.
Setting the time zone for your machine will allow it to automatically correct for any regional time changes and perform other time zone related functions properly.
The example shown is for a machine located in the Eastern time zone of the United States. Your selections will vary according to your geographical location.
Select and press Enter to set the time zone.
Select or according to how the machine's clock is configured and press Enter.
The appropriate region is selected using the arrow keys and then pressing Enter.
Select the appropriate country using the arrow keys and press Enter.
The appropriate time zone is selected using the arrow keys and pressing Enter.
Confirm the abbreviation for the time zone is correct. If it looks okay, press Enter to continue with the post-installation configuration.
This option will allow you to cut and paste text in the console and user programs with a 3-button mouse. If using a 2-button mouse, refer to the moused(8) manual page after installation for details on emulating the 3-button style. This example depicts a non-USB mouse configuration (such as a PS/2 or COM port mouse):
Select for a PS/2, serial or bus mouse, or for a USB mouse and press Enter.
Use the arrow keys to select and press Enter.
The mouse used in this example is a PS/2 type, so the default was appropriate. To change protocol, use the arrow keys to select another option. Ensure that is highlighted and press Enter to exit this menu.
Use the arrow keys to select and press Enter.
This system had a PS/2 mouse, so the default was appropriate. To change the port, use the arrow keys and then press Enter.
Last, use the arrow keys to select , and press Enter to enable and test the mouse daemon.
Move the mouse around the screen and verify the cursor shown responds properly. If it does, select and press Enter. If not, the mouse has not been configured correctly — select and try using different configuration options.
Select with the arrow keys and press Enter to continue with the post-installation configuration.
Packages are pre-compiled binaries and are a convenient way to install software.
Installation of one package is shown for purposes of illustration. Additional packages can also be added at this time if desired. After installation sysinstall can be used to add additional packages.
Selecting and pressing Enter will be followed by the Package Selection screens:
Only packages on the current installation media are available for installation at any given time.
All packages available will be displayed if is selected or you can select a particular category. Highlight your selection with the arrow keys and press Enter.
A menu will display showing all the packages available for the selection made:
The bash shell is shown selected. Select as many as desired by highlighting the package and pressing the Space key. A short description of each package will appear in the lower left corner of the screen.
Pressing the Tab key will toggle between the last selected package, , and .
When you have finished marking the packages for installation, press Tab once to toggle to the and press Enter to return to the Package Selection menu.
The left and right arrow keys will also toggle between and . This method can also be used to select and press Enter to return to the Package Selection menu.
Use the Tab and arrow keys to select and press Enter. You will then need to confirm that you want to install the packages:
Selecting and pressing Enter will start the package installation. Installing messages will appear until completed. Make note if there are any error messages.
The final configuration continues after packages are installed. If you end up not selecting any packages, and wish to return to the final configuration, select anyway.
You should add at least one user during the installation so that you can use the system without being logged in as root. The root partition is generally small and running applications as root can quickly fill it. A bigger danger is noted below:
Select and press Enter to continue with adding a user.
Select with the arrow keys and press Enter.
The following descriptions will appear in the lower part of the screen as the items are selected with Tab to assist with entering the required information:
The login name of the new user (mandatory).
The numerical ID for this user (leave blank for automatic choice).
The login group name for this user (leave blank for automatic choice).
The password for this user (enter this field with care!).
The user's full name (comment).
The groups this user belongs to (i.e., gets access rights for).
The user's home directory (leave blank for default).
The user's login shell (leave blank for default, e.g., /bin/sh).
The login shell was changed from /bin/sh to /usr/local/bin/bash to use the bash shell that was previously installed as a package. Do not try to use a shell that does not exist or you will not be able to log in. The most common shell used in the BSD-world is the C shell, which can be indicated as /bin/tcsh.
The user was also added to the wheel group to be able to become a superuser with root privileges.
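The two account checks described above (the login shell must exist, and the user must be in wheel to become a superuser), as an added example that is not part of the Handbook. The function names, the jdoe account and the sample files are constructed; the root argument points at a scratch directory here and would be the empty string on a live system.

```sh
#!/bin/sh
# Added example, not Handbook code. Function names are hypothetical and the
# sample passwd/group files and scratch root are constructed.

# Print "user:shell" for accounts whose login shell is not an executable
# file under the given root ("" on a live system). These cannot log in.
missing_shell_users() {   # usage: missing_shell_users passwd root
    while IFS=: read -r name _pw _uid _gid _gecos _home shell; do
        case $name in ''|'#'*) continue ;; esac
        [ -x "$2$shell" ] || echo "$name:$shell"
    done < "$1"
}

# Print the members of the wheel group, one per line.
wheel_members() {         # usage: wheel_members group
    awk -F: '$1 == "wheel" && $4 != "" { gsub(/,/, "\n", $4); print $4 }' "$1"
}

# Succeed if the user is listed in wheel, as the page requires for su.
can_su() {                # usage: can_su user group
    wheel_members "$2" | grep -qx "$1"
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT

# Scratch root holding only the shells that are "installed".
mkdir -p "$tmp/root/bin" "$tmp/root/usr/local/bin"
for s in /bin/csh /usr/local/bin/bash; do
    : > "$tmp/root$s" && chmod +x "$tmp/root$s"
done

cat > "$tmp/passwd" <<'EOF'
# constructed sample in /etc/passwd format
root:*:0:0:Superuser:/root:/bin/csh
rpratt:*:1001:1001:Example User:/home/rpratt:/usr/local/bin/bash
jdoe:*:1002:1002:Example User 2:/home/jdoe:/usr/local/bin/zsh
EOF

cat > "$tmp/group" <<'EOF'
# constructed sample in /etc/group format
wheel:*:0:root,rpratt
EOF

for u in rpratt jdoe; do
    if can_su "$u" "$tmp/group"; then echo "$u: may su to root"; fi
done
echo "accounts that cannot log in:"
missing_shell_users "$tmp/passwd" "$tmp/root"
```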
When you are satisfied, press and the User and Group Management menu will redisplay:
Groups can also be added at this time if specific needs are known. Otherwise, this may be accessed using sysinstall after installation is completed.
When you are finished adding users, select with the arrow keys and press Enter to continue the installation.
Press Enter to set the root password.
The password will need to be typed in twice correctly. Needless to say, make sure you have a way of finding the password if you forget. Notice that the password you type in is not echoed, nor are asterisks displayed.
The installation will continue after the password is successfully entered.
If you need to configure additional network services or any other configuration, you can do it at this point or after installation with sysinstall.
Select with the arrow keys and press Enter to return to the Main Installation Menu.
Select with the arrow keys and press Enter. You will be asked to confirm exiting the installation:
Select . If you are booting from the CDROM drive the following message will remind you to remove the disk:
The CDROM drive is locked until the machine starts to reboot; then the disk can be removed from the drive (quickly). Press to reboot.
The system will reboot, so watch for any error messages that may appear; see Section 3.10.15, “FreeBSD Bootup” for more details.
Configuring network services can be a daunting task for new users if they lack previous knowledge in this area. Networking, including the Internet, is critical to all modern operating systems including FreeBSD; as a result, it is very useful to have some understanding of FreeBSD's extensive networking capabilities. Doing this during the installation will ensure users have some understanding of the various services available to them.
Network services are programs that accept input from anywhere on the network. Every effort is made to make sure these programs will not do anything “harmful”. Unfortunately, programmers are not perfect and through time there have been cases where bugs in network services have been exploited by attackers to do bad things. It is important that you only enable the network services you know that you need. If in doubt it is best if you do not enable a network service until you find out that you do need it. You can always enable it later by re-running sysinstall or by using the features provided by the /etc/rc.conf file.
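An added example, not part of the Handbook: a way to check which services a host is actually set to start, covering both the /etc/inetd.conf lines whose leading # was deleted (described earlier) and the /etc/rc.conf settings mentioned here. The function names are hypothetical and both sample files are constructed.

```sh
#!/bin/sh
# Added example, not Handbook code. Function names are hypothetical and the
# two sample files are constructed.

# Active inetd.conf entries: lines whose leading '#' has been deleted.
# Fields: service socket-type protocol wait-flag user server-program [args]
inetd_enabled() {
    awk '!/^[ \t]*#/ && NF >= 6 { print $1 "/" $3 }' "$1"
}

# Active entries for the cleartext services the page names (telnet, FTP).
inetd_cleartext() {
    inetd_enabled "$1" | awk -F/ '$1 == "telnet" || $1 == "ftp"'
}

# rc.conf knobs name_enable set to a true value; a later assignment
# overrides an earlier one, as when the file is sourced by the shell.
rc_enabled() {
    awk -F= '
        /^[ \t]*#/ { next }
        $1 ~ /_enable$/ {
            k = $1; gsub(/[ \t]/, "", k)
            v = $2; sub(/#.*/, "", v); gsub(/[" \t]/, "", v)
            state[k] = toupper(v)
        }
        END { for (k in state) if (state[k] ~ /^(YES|TRUE|ON|1)$/) print k }
    ' "$1" | sort
}

# inetd.conf entries are reachable only if rc.conf starts inetd at all.
inetd_exposed() {   # usage: inetd_exposed rc.conf inetd.conf
    if rc_enabled "$1" | grep -qx inetd_enable; then
        inetd_enabled "$2"
    fi
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT

cat > "$tmp/inetd.conf" <<'EOF'
# constructed sample in inetd.conf format
ftp     stream  tcp     nowait  root    /usr/libexec/ftpd       ftpd -l
#telnet stream  tcp     nowait  root    /usr/libexec/telnetd    telnetd
daytime stream  tcp     nowait  root    internal
EOF

cat > "$tmp/rc.conf" <<'EOF'
# constructed sample in rc.conf format
hostname="k6-2.example.com"
gateway_enable="YES"
inetd_enable="YES"
sshd_enable="NO"
sshd_enable="YES"    # later assignment wins
rwhod_enable="NO"
#nfs_server_enable="YES"
EOF

echo "rc.conf starts:";      rc_enabled "$tmp/rc.conf"
echo "inetd serves:";        inetd_exposed "$tmp/rc.conf" "$tmp/inetd.conf"
echo "cleartext via inetd:"; inetd_cleartext "$tmp/inetd.conf"
```

On an installed system the same functions can be pointed at /etc/rc.conf and /etc/inetd.conf.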
Selecting the option will display a menu similar to the one below:
The first option, , was previously covered during the Section 3.10.1, “Network Device Configuration”, thus this option can safely be ignored.
Selecting the option adds support for the BSD automatic mount utility. This is usually used in conjunction with the NFS protocol (see below) for automatically mounting remote file systems. No special configuration is required here.
Next in line is the option. When selected, a menu will pop up for you to enter specific AMD flags. The menu already contains a set of default options:
The -a option sets the default mount location which is specified here as /.amd_mnt. The -l option specifies the default log file; however, when syslogd is used all log activity will be sent to the system log daemon. The /host directory is used to mount an exported file system from a remote host, while the /net directory is used to mount an exported file system from an IP address. The /etc/amd.map file defines the default options for AMD exports.
The option permits anonymous FTP connections. Select this option to make this machine an anonymous FTP server. Be aware of the security risks involved with this option. Another menu will be displayed to explain the security risks and configuration in depth.
The configuration menu will set the machine up to be a gateway as explained previously. This can be used to unset the option if you accidentally selected it during the installation process.
The option can be used to configure or completely disable the inetd(8) daemon as discussed above.
The option is used to configure the system's default MTA or Mail Transfer Agent. Selecting this option will bring up the following menu:
Here you are offered a choice as to which MTA to install and set as the default. An MTA is nothing more than a mail server which delivers email to users on the system or the Internet.
Selecting will install the popular sendmail server which is the FreeBSD default. The option will set sendmail to be the default MTA, but disable its ability to receive incoming email from the Internet. The other options here, and act similar to . They both deliver email; however, some users prefer these alternatives to the sendmail MTA.
After selecting an MTA, or choosing not to select an MTA, the network configuration menu will appear with the next option being .
The option will configure the system to communicate with a server via NFS. An NFS server makes file systems available to other machines on the network via the NFS protocol. If this is a stand-alone machine, this option can remain unselected. The system may require more configuration later; see Section 30.3, “Network File System (NFS)” for more information about client and server configuration.
Below that option is the option, permitting you to set the system up as an NFS server. This adds the required information to start up the RPC remote procedure call services. RPC is used to coordinate connections between hosts and programs.
Next in line is the option, which deals with time synchronization. When selected, a menu like the one below shows up:
From this menu, select the server which is the closest to your location. Selecting a close one will make the time synchronization more accurate as a server further from your location may have more connection latency.
The next option is the PCNFSD selection. This option will install the net/pcnfsd package from the Ports Collection. This is a useful utility which provides NFS authentication services for systems which are unable to provide their own, such as Microsoft's MS-DOS® operating system.
Now you must scroll down a bit to see the other options:
The rpcbind(8), rpc.statd(8), and rpc.lockd(8) utilities are all used for Remote Procedure Calls (RPC). The rpcbind utility manages communication between NFS servers and clients, and is required for NFS servers to operate correctly. The rpc.statd daemon interacts with the rpc.statd daemon on other hosts to provide status monitoring. The reported status is usually held in the /var/db/statd.status file. The next option listed here is the option, which, when selected, will provide file locking services. This is usually used with rpc.statd to monitor what hosts are requesting locks and how frequently they request them. While these last two options are marvelous for debugging, they are not required for NFS servers and clients to operate correctly.
As you progress down the list the next item here is , which is the routing daemon. The routed(8) utility manages network routing tables, discovers multicast routers, and supplies a copy of the routing tables to any physically connected host on the network upon request. This is mainly used for machines which act as a gateway for the local network. When selected, a menu will be presented requesting the default location of the utility. The default location is already defined for you and can be selected with the Enter key. You will then be presented with yet another menu, this time asking for the flags you wish to pass on to routed. The default is -q and it should already appear on the screen.
Next in line is the option which, when selected, will start the rwhod(8) daemon during system initialization. The rwhod utility broadcasts system messages across the network periodically, or collects them when in “consumer” mode. More information can be found in the ruptime(1) and rwho(1) manual pages.
The next to the last option in the list is for the sshd(8) daemon. This is the secure shell server for OpenSSH and it is highly recommended over the standard telnet and FTP servers. The sshd server is used to create a secure connection from one host to another by using encrypted connections.
Finally there is the option. This enables the TCP Extensions defined in RFC 1323 and RFC 1644. While on many hosts this can speed up connections, it can also cause some connections to be dropped. It is not recommended for servers, but may be beneficial for stand alone machines.
Now that you have configured the network services, you can scroll up to the very top item which is and continue on to the next configuration item or simply exit sysinstall by selecting twice then .
If everything went well, you will see messages scroll off the screen and you will arrive at a login prompt. You can view the content of the messages by pressing Scroll-Lock and using PgUp and PgDn. Pressing Scroll-Lock again will return to the prompt.
The entire message may not display (buffer limitation) but it can be viewed from the command line after logging in by typing dmesg at the prompt.
Log in using the username/password you set during installation (rpratt, in this example). Avoid logging in as root except when necessary.
Typical boot messages (version information omitted):
Generating the RSA and DSA keys may take some time on slower machines. This happens only on the initial boot-up of a new installation. Subsequent boots will be faster.
If the X server has been configured and a Default Desktop chosen, it can be started by typing startx at the command line.
It is important to properly shut down the operating system. Do not just turn off power. First, become a superuser by typing su at the command line and entering the root password. This will work only if the user is a member of the wheel group. Otherwise, log in as root and use shutdown -h now.
It is safe to turn off the power after the shutdown command has been issued and the message “Please press any key to reboot” appears. If any key is pressed instead of turning off the power switch, the system will reboot.
You could also use the Ctrl+Alt+Del key combination to reboot the system, however this is not recommended during normal operation.