This page describes how to set up a FREESCO router. The tutorial will guide you through the setup in order to help you get your box up and running. I focus on version 038, as this is the latest available version, but most of what is said here also applies to other versions.
FREESCO can be used to connect to the Internet whether you use cable, ADSL or dialup to make the connection. As I use cable myself, this tutorial will describe how to set up an Ethernet router. If you use any other connection method, I believe you will still find this page helpful. You can apply most of what is said here, but you might also need to consult the FREESCO support forums as well as the archived forums, created after the forum crash in 2006. You can also find useful (but a bit dated) information in the FREESCO manual.
What you need is
One note about RAM: While FREESCO will run on as little as 12MB RAM, this tutorial assumes that your box has at least 32MB RAM. With that amount of RAM it is possible to enable some nice services on FREESCO as well as enabling a ramdisk. The ramdisk can be used to install packages to if your system lacks a hard drive.
The most common hardware issue I have come across regarding FREESCO is that a NIC is not detected correctly. FREESCO comes with built-in support for some NICs but it is also possible to load drivers for a whole bunch of other NICs. Before you start the installation, it is a good idea to take some time and identify your NICs correctly. This will help you to sort out problems regarding missing drivers.
Most NICs work well with FREESCO, but there have been several reports that the NE2000 NIC is not working very well. If you plan to use this kind of network card, do yourself a favor and replace it. Most probably the NE2000 will cause you problems, sooner or later.
If you use ISA NICs, they must be configured correctly to work with FREESCO. If you use PCI NICs, you need to set up the BIOS in your computer correctly. For more information about identifying, installing and configuring NICs, see my tutorial regarding Installing NICs.
Before you continue you should
I also assume that your NICs and/or computer BIOS are configured correctly.
Now it is time to download FREESCO. The software is available from http://freesco.sourceforge.net/. There are several versions available but my recommendation is to always use the latest available version. Just click on the version of your choice and the download will start. Save the downloaded file in a directory on your hard disk. From the download page, also download the modules package. It contains NIC drivers and keyboard maps, useful if you want something other than a US keyboard layout. Remember to download the modules package that matches your FREESCO version. If you download FREESCO 038, you should use version 038 of the modules package. Although the modules package is optional, for the rest of this tutorial I will assume that you have downloaded and unpacked it.
After downloading the FREESCO files, open Explorer and move to the directory where you saved the downloaded files. Unzip the downloaded files using your favorite unzip utility, for example WinZip. Unzip both files to the same directory. The FREESCO file will be unpacked to a sub-directory named FREESCO-XXX (where XXX is your selected version). The modules file is unpacked to three subdirectories which are put inside the FREESCO-XXX directory. These subdirectories are named modules-2.0.yy (where yy is probably 38, 39 or 40, depending on your FREESCO version) and
By now you should have a directory structure on your HD with the FREESCO files unpacked. The directory structure should look like this:
Now it is time to create the floppy from which FREESCO will run. Insert a new, formatted floppy into your computer. Then use Explorer to enter the FREESCO-XXX directory. Inside it you will find a file named make_fd. Double-click on that file and a black DOS-box will open. This box will write FREESCO to your floppy and then close itself. At this moment your FREESCO floppy is ready to use.
If you need to add extra modules in order to get your NIC working, this is the time to do this. Copy the driver you want to use from the FREESCO-XXX/modules-2.0.yy/net structure to the directory ROUTER/drv on your floppy.
NB! If you use any of the drivers in the
FREESCO-XXX/modules-2.0.yy/net/new-net directory, you also must copy
ROUTER/drv. For more information about adding drivers, read the documentation in the
By default, FREESCO comes with support for US keyboards. If you want something else, you have to add support for that keyboard yourself by adding the correct keyboard map to the floppy. The keyboard maps are a part of the modules package and are located in FREESCO-XXX/keymaps. To add a keyboard map to your FREESCO floppy, simply copy the keymap you want to use from the keymaps directory to ROUTER/kbd on your floppy. Note that you can only have one keyboard map in the ROUTER/kbd directory. If there is more than one file, whichever file comes first will be used. For more information about the keymaps, see the documentation in
FREESCO now comes with support for time zones. Earlier you had to manually specify the offset between your current time zone and GMT. If this was not done, FREESCO would use GMT. With the support for time zones, FREESCO will automatically adjust its time to your local time. To take advantage of this feature, all that has to be done is to copy the time zone file for your location from the directory FREESCO-XXX/timezone on your HD to the router/tmz directory on the FREESCO floppy. Some documentation is available inside the
You should now have a brand new FREESCO floppy. The floppy should have support for your NICs, the keyboard layout of your choice and your local time zone.
Before I continue, some words about the FREESCO setup program. The setup program takes you through the settings to configure. For each setting, you are given an introduction text explaining the purpose of the setting. Take your time and read this text; it will give you the necessary information on how to set up the router correctly.
The setup program often suggests a default value to use. It is shown within [ square brackets ]. To go with the default value, just press Enter and that value will be used.
Now it is time to set up your FREESCO. Insert the FREESCO floppy into the PC you want to run FREESCO on. Enter the BIOS of the computer and make sure that the floppy is first in the boot order. Save your changes and reboot the machine. After a while, the FREESCO start menu is displayed and awaits your input. Here you decide what to do:
If you don't type anything within 8 seconds, the router will start in normal mode. If this happens, don't worry. Just press Ctrl-Alt-Del to reboot the machine and start over. As you want to set up the router, type setup when the menu is displayed, then press Enter. The router is booted and after a while some text is displayed, notifying you that you are to set up FREESCO for the first time.
FREESCO will now ask you to log in. Use the user "root" which also has the password "root". Now an info screen is displayed, telling you the meaning of the colors. Read the information and press Enter to accept the defaults. A new screen is displayed. Here is where you decide which type of router/server you want. It is possible to combine different types of routers/servers but you have to select one type to start with. This tutorial focuses on an Ethernet router, so type "e" and press Enter and the setup process begins.
First of all you have to specify the hostname of your router:
Host name, very useful in case of getting IP address via DHCP client
(for instance when connected to @HOME)
611 Hostname of this computer [router]?
Unless you know what you are doing, I suggest using the default value.
Note! Dingetje pointed out that this option is critical for @HOME users that use DHCP to set up the IP of the external interface. Such users MUST use the hostname given by @HOME, or their connection will not work. This does not apply to users with static IP.
There are VERY few reasons to change this from the default of "inet". This is NOT a fully qualified domain name and it is used primarily by the DNS server to recognize local URLs. So do not use com, org, net, or anything that exists on the Internet.
612 Domain name [inet]?
Here you specify the domain your router belongs to. Do NOT specify a domain that exists on the Internet unless you own the domain and it points to your IP. Most will do fine with the default value.
The next screen displays configuration setting 56 which is used to configure ISA NICs. You specify the I/O and IRQ for each ISA NIC you use. If you use PCI NICs, or configure your ISA NICs using ISA PnP, you don't have to enter anything here. You can just type "x" and press Enter to leave the page. The same applies if you use 3Com 3C509(B) NICs - there is nothing to configure here. Although these are ISA NICs, they do not require any configuration here. For more information about configuring NICs, see my Installing NICs tutorial.
Now the screen for configuring local networks (setting 62) is displayed. This page might look complicated at first, but it's all pretty straightforward. The page looks something like this:
[ Network # ]  0.             1.             2.
[ Interface ]  eth0           eth1
[ IP address ] 192.168.0.1    192.168.1.1
[ Network # ]  3.             4.             5.
[ Interface ]
[ IP address ]
[ Network # ]  6.             7.             8.
[ Interface ]
[ IP address ]
[ Network # ]  9.
[ Interface ]
[ IP address ]
[ --------------------- Network #0 specific settings ---------------------- ]
620. Interface Name = eth0              626. Use PPP ethernet = n
621. IP address     = 192.168.0.1       627. Use DHCP client  = n
622. Network mask   = 255.255.255.0     628. Set DNS via DHCP = y
623. Network addr   = 192.168.0.0       629. MAC addr         =
624. Broadcast addr = 192.168.0.255     631. Gateway          =
Choose network 0-9 or its parameter to change (x - exit) ?
The page is split in two parts. The topmost part is the 'Network overview', with information about the networks your router handles. The bottommost part displays detailed information about a selected network. As displayed, FREESCO can handle 10 networks. Network 0 is special as it acts as the "uplink" used to connect to your ISP. All other networks (1-9) are "ordinary" networks. The available settings for network 0 and network 1-9 vary a bit, as they have different purposes.
This part of the page is basically an overview of the networks your router handles. For each network, the name of the NIC and the IP address of the network is displayed. This part also visualizes an important aspect that many users don't realize: what gets configured are the networks and not the NICs. Many users believe that eth0 is used for network 0, eth1 for network 1 and so on, but this is not the case. All such assignment of NICs to networks is done by you and it is done on this page using setting 620.
The possibility to specify which NIC a certain network should use is very handy, especially if you have one slow NIC (10Mbps) and one fast (100Mbps). In this case you probably want to use the fast NIC inside your LAN while you use the slow NIC when connecting to your ISP. Suppose the fast NIC is identified as eth0 and the slow one as eth1. To use these cards in the way you want you just use option 620 to assign eth1 to network 0 while you assign eth0 to network 1.
The possibility to change which NIC a certain network shall use might also be useful even if your NICs have the same speed. Suppose you have set up your router correctly, NICs are identified and everything looks ok but you still fail to connect to your ISP. Chances are that you have connected your uplink cable to the wrong NIC. Instead of connecting the cable to the NIC that is configured for network 0, the cable is connected to a NIC used for another network. One way to resolve this is to physically switch the cables between your NICs. But you can also achieve the same result by using setting 620 and toggling the NIC that is used for the different networks.
Finally, sometimes people ask how a certain NIC is assigned a certain name, for example eth0, eth1 and so on. There is no clear answer to this, but check out Lightning's explanation in the forums.
As mentioned above, network 0 is the "uplink" - the connection to your ISP. Hence, all configuration done for this network is dependent upon how you connect to your ISP. The ISP should provide you with most of the necessary information for configuring this section correctly. The only thing your ISP doesn't care about is setting 620 Interface Name. This setting specifies which interface (NIC etc) you want to use when connecting to your ISP. If you have NICs with different speeds, you might want to set this to the slowest NIC as you probably want the fastest NIC to operate on the local network.
[ --------------------- Network #0 specific settings ---------------------- ]
620. Interface Name = eth0              626. Use PPP ethernet = n
621. IP address     = 192.168.0.1       627. Use DHCP client  = n
622. Network mask   = 255.255.255.0     628. Set DNS via DHCP = y
623. Network addr   = 192.168.0.0       629. MAC addr         =
624. Broadcast addr = 192.168.0.255     631. Gateway          =
Choose network 0-9 or its parameter to change (x - exit) ?
If you don't have access to the settings your ISP wants you to use, or if you simply are too lazy to look them up, you can try to enable option 627 which is off by default. With this setting enabled, your FREESCO will try to find the correct configuration when connecting to your ISP. Personally, I always enable this setting and it has always worked flawlessly.
Networks 1-9 are your local networks (LAN). In the simplest case you have just one local network, but you might have up to nine. For each local network you need to specify
The settings are shown below:
[ --------------------- Network #1 specific settings ---------------------- ]
620. Interface Name = eth1              a. Auto configure network #1
621. IP address     = 192.168.1.1       c. Clear network #1 settings
622. Network mask   = 255.255.255.0
623. Network addr   = 192.168.1.0
624. Broadcast addr = 192.168.1.255
625. DHCP server pool = 192.168.1.10 192.168.1.30
In order to complete this setup, you need some basic network knowledge. If you feel unsure about this, do yourself a favor and spend some time Googling for "basic networking tutorial" or something similar. Once you feel confident with the networking terminology, there should be no problem completing the setup.
I will now describe the configuration of network 1, but anything discussed here should apply to the rest of the local networks. To configure a certain network, you just enter the number of the network and press Enter. Configuring network 1 means typing "1" and pressing Enter.
First of all you should specify which interface to use. Most probably you have an Ethernet interface and you should enter its name here. If you are unsure about the names of your NICs, take a look at the Troubleshooting section of my NIC setup tutorial. There you will find instructions on how to list your available NICs. Here I assume you will use eth1, but this is just an example. Once you know the name of your NIC to use, type the number of the setting ("620") and press Enter:
Possible types of interfaces:
ethN   - ethernet inteface number N
ethN:n - ethernet inteface number N alias number n (Breaks NAT)
arcN   - arcnet interface
arcNe  - arcnet interface
trN    - token ring interface
sbniN  - granch SBNI12 board
dummy  - if you do not have an ethernet card
620 Network #1 connected via interface (- disable network) ?
Now enter the name of the interface ("eth1") and press Enter. The given value is read by the setup program and used when the screen is updated:
[ --------------------- Network #1 specific settings ---------------------- ]
620. Interface Name = eth1              a. Auto configure network #1
621. IP address     =                   c. Clear network #1 settings
622. Network mask   =
623. Network addr   =
624. Broadcast addr =
625. DHCP server pool =
Now it is time to specify the IP address of the network. The address must be within one of the private ranges. Private IP ranges are
10.x.x.x
192.168.x.x
172.16.x.x to 172.31.x.x
Which range you use does not matter, it's more a question of taste. I have always used the 192.168.x.x range so I will use it here too, but feel free to use any of the ranges above.
To set the IP, type "621" and press Enter to bring up the setting:
621 IP address of interface ?
Type the desired IP ("192.168.1.1") and press Enter. The screen will update itself and show your new setting.
The next setting is the Network mask (622). Unless you know what you are doing, I recommend setting this to 255.255.255.0. Enter the setting number and hit Enter:
622 Network mask ?
Enter your desired value and press Enter. After this setting has been configured, the setup should look something like this:
[ --------------------- Network #1 specific settings ---------------------- ]
620. Interface Name = eth1              a. Auto configure network #1
621. IP address     = 192.168.1.1       c. Clear network #1 settings
622. Network mask   = 255.255.255.0
623. Network addr   = 192.168.1.0
624. Broadcast addr = 192.168.1.255
625. DHCP server pool =
As you might notice, settings 623 and 624 are set automatically when you change setting 622. For normal usage, you can safely ignore these settings and leave them as they are.
There is one additional setting here that you might want to take a look at. Setting 625 specifies the DHCP server pool. If you enable the DHCP server (setting 431), your FREESCO will automatically hand out IPs to computers added to your network. This is very handy, as it requires little (or no) configuration of the clients on your LAN. But enabling the server is not enough, you have to specify the range of IPs that can be used by the DHCP server, and this is the purpose of setting 625.
With setting 625 you specify a range of IPs that can be used by the DHCP server. The range of IPs must be valid inside your network (in this example, values above 192.168.1.0 and below 192.168.1.255) but must NOT include the IP address of the network itself (here 192.168.1.1). Note that the DHCP server uses memory for each IP in the pool, so do not specify a range that is unnecessarily large. Personally, I use a range of 11 IPs. This is enough for my four desktops and also makes it possible to connect some other machines when necessary.
To specify the range, just enter the setting number (625) and press Enter:
IP range for DHCP server, - disable dynamic DHCP range on this interface.
Example: 192.168.1.10 192.168.1.30
625 IP range for DHCP server (- disable) ?
Now enter the first and last IP you want to use as the range. To create a range with 11 IPs, reaching from 192.168.1.10 to 192.168.1.20, enter the string "192.168.1.10 192.168.1.20" and hit Enter.
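The address rules for settings 621 to 625 can be checked before you type them in. The following Python sketch is an added example, not part of FREESCO or of the original tutorial; the function names derive_network and check_lan are hypothetical, and the sample values are the ones used for network #1 above.

```python
import ipaddress

# RFC 1918 private address blocks.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def derive_network(ip, mask):
    """Compute what setup fills in for 623 (network) and 624 (broadcast)
    from 621 (IP address) and 622 (network mask)."""
    net = ipaddress.ip_interface(f"{ip}/{mask}").network
    return str(net.network_address), str(net.broadcast_address)


def check_lan(ip, mask, pool):
    """Check one local network's 621/622/625 values.

    pool is the string typed at prompt 625: "first last", or "-" to disable.
    Returns (number_of_leases, list_of_problems)."""
    iface = ipaddress.ip_interface(f"{ip}/{mask}")
    net = iface.network
    problems = []

    # 621 must be a private address and a usable host address.
    if not any(iface.ip in block for block in PRIVATE_NETS):
        problems.append(f"{iface.ip} is outside the private ranges")
    if iface.ip in (net.network_address, net.broadcast_address):
        problems.append(f"{iface.ip} is the network or broadcast address")

    if pool.strip() == "-":
        return 0, problems

    parts = pool.split()
    if len(parts) != 2:
        problems.append("pool must be two addresses: first last")
        return 0, problems
    first, last = (ipaddress.ip_address(p) for p in parts)
    if first > last:
        problems.append("pool start is higher than pool end")
        return 0, problems

    # Both ends of the pool must lie inside the network from 621/622.
    for addr in (first, last):
        if addr not in net:
            problems.append(f"{addr} is not inside {net}")
    # The pool must not hand out the network, broadcast or router address.
    for reserved, label in ((net.network_address, "network address"),
                            (net.broadcast_address, "broadcast address"),
                            (iface.ip, "router's own address")):
        if first <= reserved <= last:
            problems.append(f"pool contains the {label} {reserved}")

    return int(last) - int(first) + 1, problems


if __name__ == "__main__":
    # Constructed sample values, taken from the tutorial's network #1.
    print(derive_network("192.168.1.1", "255.255.255.0"))
    for pool in ("192.168.1.10 192.168.1.20", "192.168.1.1 192.168.1.30", "-"):
        print(pool, "->", check_lan("192.168.1.1", "255.255.255.0", pool))
```

The lease count it returns is also the number of addresses the DHCP server has to keep in memory, which is the reason given above for keeping the pool small.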
By now, the configuration of network #1 is done. If you have more networks to configure, just enter the number of the network, press Enter, and repeat the process for each network.
Before I leave this section I will discuss the two options to the right of the screen: Auto configuration and Clear settings. Both options are pretty straightforward and do just what they say.
Auto configuration is a feature I really like. It asks how large a DHCP pool you want and then generates default values for settings 620-625. Try it by configuring a network you don't use, e.g. network 7. Start by typing "7" and press Enter to select this network. Now type "a" and hit Enter to start the configuration:
How many DHCP leases do you want (- disable) ?
Accept the default by pressing Enter. Now default values for network 7 are generated and displayed:
Interface will be set to
IP address set to
Network mask set to
Network address set to
Broadcast address set to
DHCP pool will be set to a range of 21:
As you see, these settings do not differ much from what I described earlier. Using this option to configure the network is a nice way to get a basic configuration. Once the automatic configuration has done its job, you can always change the values by hand. For now, type "c" and press Enter to clear the settings for network 7.
By now your networks should be configured. Continue the setup process by entering an "x" and pressing Enter.
In this part of the setup process you configure settings such as what services to run, size of logs, screen- and HD-savings, etc. For many settings, you have the possibility to
You use the letters Y, S, and N to specify how you want to run a service. Y means "yes" (worldwide), S means "secure" (locally) and N means "no" (disabled). Opening a service to the web is a security risk and you should try to limit the number of services you enable worldwide.
I will now guide you through the additional configuration which starts with
Setup will now try to detect your modems.
Dialup and RAS services will be disabled before detection.
NOTE: Be patient ,autodetection can sometimes take a while.
Autodetect modems now ? y/n [y]?
y is the default here, but for an Ethernet router no modems need to be detected. Enter n and press Enter.
Advanced modem setup ? (y/n) [n]?
n is the default here and that is fine. Hit Enter.
Trust local NETWORK1
y - This network needs to communicate with other local networks.
n - This local network must NOT communicate with other local networks.
This setting does not effect Internet access.
251 Trust local network 1 (y/n) [y]?
If you have more than one local network, this setting is used to specify whether it should be possible to communicate between these networks or not. By default this setting is turned on. Leave it that way, just hit Enter.
Trust modem links.
y - Trust dialin modems.
n - No access to local networks.
252 Trust modem links (y/n) [y]?
If you have users dialing in to your router, this setting specifies whether these users should have access to your local networks or not. The setting is on by default, and should be left that way. Press Enter to continue.
WARNING:If your router has only 8MB of RAM, you should NOT enable services until you install on a hard drive and enable at least 8MB of swap.
A notice from Lightning, be sure to have at least 16MB RAM before you enable any services. I assume you have more than this, so enabling services should be ok.
Caching DNS server. Recommended for most configurations in "s" or "e" mode.
WARNING:y - Enable service worldwide (insecure)
        s - Enable service locally (secure recommended)
        n - Disable service
NOTE: If you have port forwarding on port (53), you must not use secure modes.
NOTE: e - (secure exclusive mode). This forces all clients to use this server exclusively and external DNS servers are not allowed.
41 Enable caching DNS server (y/s/n/e) [s]?
A caching DNS server caches the mapping of a domain name to an IP. This will speed up the process of getting additional data (e.g. more webpages) from a site, once the mapping has been stored in the cache. By default this option is set to s which will be fine. Just press Enter.
411 Number of URL's to cache ? ?
This option specifies the number of "mappings" between IPs and domain names that the DNS server should cache. Default value is fine, press Enter.
412 Enable DNS requests logging (y/n) [y]?
DNS request logging is turned on by default. This means that all requests to the DNS server are logged. While this is a good way to track down unwanted access from your LAN to the Internet, it fills your logs pretty quickly. I have disabled this option myself, but leaving it on won't hurt, it's up to you. Make your decision and press Enter.
413 Edit your DNS file (y/n)? [n]
Here you have the possibility to edit a configuration file and specify mappings between domain names and IPs. You do not want to do this so just hit Enter.
Enable DHCP if you want automatic configuration of clients: IP address, subnet, domain, DNS, gateway, and WINS address.
NOTE 1: An IP address range can be set in the advanced network setup for each subnet.
NOTE 2: You should not enable the DHCP server if your network already has a DHCP server.
******************* SPECIAL NOTE ******************************
(NOT RECOMMENDED for most users)
There is a DHCP (R)emote server mode. This mode is strictly used for making this server give out a remote gateway rather than the internal IP address of the router. If you are NOT using FREESCO as your Internet gateway and you want it to be the local DHCP server then answer "r".
431 Enable DHCP server (y/n/r) [n]?
This is where you turn on/off the DHCP server mentioned earlier. This setting is a bit different from others, as "y" is the normal, secure mode, while "r" is a special mode that most users should not use. By default the setting is set to "n" but it is a good idea to turn this service on. Enter a "y" and press Enter to continue the setup.
********************* WINS NOTE ******************************
If you have installed and configured a WINS server on this router such as "Samba". You can answer "local" to this question.
432 WINS server ,- disable (IP-address/local/-) ?
Most users can happily ignore this setting, press Enter to keep going.
433 Default-lease-time (sec) ?
This option specifies the default length of an IP lease handed out by the server. Once this time has passed, the client must ask the DHCP server for a new lease. The default value is fine.
434 Maximum-lease-time (sec) ?
This option specifies the maximum length of an IP lease given out by the server. Even if a client asks for a longer lease, the server won't give out a longer lease than this. Default is ok, press Enter to go on.
435 Create/edit static DHCP leases (y/n) ?
Sometimes you want a certain computer within your LAN to always have the same IP, but use DHCP for configuring the other computers on the LAN. By creating a static lease you can specify an IP to always be used for a certain computer (based on the MAC-address of the NIC). Just press Enter here.
436 Clear all dynamic DHCP leases (y/n) ?
This option removes all existing leases. This might be useful under some circumstances but you can just press Enter to leave it.
If you want to run a small web server. Files should be copied into the "/www" directory.
WARNING:y - Enable service worldwide (insecure)
        s - Enable service locally (secure recommended)
        n - Disable service
NOTE: If you have port forwarding on port (80), you must not use secure modes.
441 Enable public HTTP server y/s/n [n]?
Just press Enter to go with default value, you do not want a public web server.
The web admin control panel will allow you to manage and monitor Freesco from your web browser. This must also be enabled for time client to work.
WARNING:y - Enable service worldwide (insecure)
        s - Enable service locally (secure recommended)
        n - Disable service
451 Enable time server and web admin via HTTP y/s/n [s]?
It is possible to administrate your FREESCO from another computer within your network by enabling this service. While it is a minor security risk (anybody on your LAN can try to log in to the server), it is a nice feature. By default the service is started in secure mode, leave it that way.
452 Control HTTP server IP port ?
This is the port that the control server will answer on. The default value is fine, hit Enter and continue.
Host Time server address. An NTP server with which Freesco will sync its system time and later provide this accurate time to local clients.
453 Time server address (- disable syncing time) [pool.ntp.org]?
When enabling the control server you also enable the time server. This makes it possible to have all clients within your LAN synchronizing their time with your FREESCO. To get this feature working you must specify an address of a time server that your FREESCO will use to synchronize itself. The default value is fine, press ENTER.
If you followed the instructions earlier and copied the time zone file to your floppy, the name of the selected time zone should now be displayed, e.g.
Using the CET timezone <ENTER> to continue
If you did not copy the time zone file, you will face the following screen:
Time offset to UTC time (also known as GMT or London time).
Format: +hhmm or -hhmm
Example: UTC time (London) is 10:00
         my time (Oregon) is 2:00
         offset is -0800
NOTE: Freesco does support automatic daylight saving changes if you have added one of the 'timezone.tmz' files to the /tmz directory. Otherwise twice a year you have to chage time offset.
454 Time offset to UTC [+0000]?
You must specify the time zone that is used where you live. Europe has CET which is UTC+1 (or when daylight saving is on, CEST which is UTC+2). Enter the offset that matches your location and hit Enter to continue.
Configure one, or up to ten printers here. The client must support UNIX style LPR printing (Native LPR printing from Linux, Microsoft TCP/IP printing for Windows NT or a 3rd party client for Win95/98). Standard port number is 515 for Linux, NT, Win2k, and XP.
Available device ports are lp0 cua0
Feed queue is a name that prints a separator page between print jobs.
Raw queue is a name that does not print a separator page.
NOTE: A different feed and/or raw queue MUST be assigned for each printer. Multiple queues can be assigned for the same device.
WARNING:y - Enable service worldwide (insecure)
        s - Enable service locally (secure recommended)
        n - Disable service
NOTE: If you have port forwarding on port (515), you must not use secure modes.
46 Enable Print Server (y/s/n) [n]?
FREESCO can be used as a print server to share a printer among the computers on a network. You do not want this (yet) so accept the default.
Allow remote console access to Freesco via SSH/SFTP.
WARNING:y - Enable service worldwide (insecure)
        s - Enable service locally (secure recommended)
        n - Disable service
NOTE: If you have port forwarding on port (22) ,you must not use secure modes.
47 Enable SSH/SFTP server y/s/n [n]?
By using SSH it is possible to connect to your FREESCO from another computer and work with it just as if you were sitting in front of it. This is very handy and as SSH is a secure protocol, there is only a limited risk with enabling this service. By default SSH is turned off, but I suggest turning it on. Type "s" and press Enter to enable it within your LAN.
471 SSH IP:port ?
By default, SSH uses port 22 and this is fine with us, just hit Enter.
Generate security keys, it is important to have keyboard input to make a more secure key file
Press keys but DO NOT press <ENTER> unless prompted.
<ENTER> to continue.
Now the keys for this SSH server will be generated. Hit Enter and then keep pressing different keys on the keyboard to make the randomizing process even more random. FREESCO will display messages that it is creating keys and storing them. Keep pressing keys on the keyboard (but do NOT press Enter) until FREESCO displays
<ENTER> to continue
Now press Enter to continue the setup.
Dropbear sshd v.044-Freesco-p51
Usage: dropbear [options]
Options are:
-w Disallow all super user 'root' login UIDs (Most secure)
-W Disallow 'root' login NAME
-s Disable password logins
-g Disable password logins for root
-j Disable local port forwarding
-p [address:]port Listen on additional [address:] port, up to 10 can be specified
472 Extra command options ?
Here you have the possibility to add extra command line options to the SSH server. Just press Enter to accept the default.
Enable FTP server. The standard FTP port is 21.
WARNING:y - Enable service worldwide (insecure)
        s - Enable service locally (secure recommended)
        n - Disable service
NOTE: If you have port forwarding on port (21), you must not use secure modes.
51 Enable FTP server (y/s/n) [n]?
FREESCO can be used as an FTP server, but go with the default and leave it disabled.
The Remote Access Server is used for dial in and requires a modem to be configured with an internal IP address set on a local subnet. Dialup and leased line routers need at least two modems.
52 Enable RAS server (y/n) [n]?
Just accept the default.
System log records kernel messages and messages from other programs. Logins log keeps console, FTP, dial in and ssh logins as well as shell commands executed via web admin. Info logs are information only logs. Combined maximum log size should be less than 200000 bytes. 161 System log size (bytes) ?
This option specifies the maximum size of the system log file. Default is fine.
162 Logins log size (bytes) ?
This option specifies the maximum size of the logins log file. Default is fine here as well.
163 Info log size (bytes) ?
This option specifies the maximum size of the info log file. Default is fine here as well.
System logs can be saved to the /home/root/var directory with a time stamp. NOTE: Hard drive installs ONLY. 163 Save the system logs (y/n) [n]?
There is no need to save the logs, as this is a floppy installation. Go with the default.
Cron is a scheduling agent capable of executing any task at a specific min,hour,day,month. 42 Enable Cron daemon (y/n) [n]?
As suggested, leave the cron daemon disabled. Hit Enter.
This server gives out OS information. For applications such as IRC, it is required to use y. 50 Enable the ident server (y/n/s) [n]?
Once again accept the default by pressing Enter; ident is not needed.
141 Blank screen after N min (0 - never) ?
This option specifies the amount of idle time to pass before the screen shall be blanked. Default value is 10 minutes which I find fine. If you want to change it, feel free to do so. Hit Enter when you are done.
142 Stop hdd after N min (0 - never) ?
Here you specify for how long the HD shall be idle before it stops spinning. I use the value 5 here but you can enter any value that you find suitable and press Enter.
143 Screen saver start after after N min (0 - never) ?
Here you specify for how long FREESCO shall wait after the last key press before the screen saver is turned on. I don't care for the screen saver so I leave the setting as it is.
It is a good idea to enable a swap file on hard drive systems with less than 32MB of RAM. You should enable at least an 8MB swap file if you have less than 16MB of RAM. NOTE: Maximum usable size is 127 MB. If you are using a Linux native swap partition ,then enter the drive partition. EXAMPLE1=127 EXAMPLE2=/dev/hda2 NOTE: If you have 64MB+ of ram, then enabling swap will usually just slow the system down. 15 Swap file size in MB or native swap device (0 = disable) ?
As this is a floppy installation, just press Enter.
ISP http proxy for dyndns/Zonedit/dhs/loopia client and for package installation. Format: proxy.addr.domain:port or ip.addr:port ISP http proxy address (otherwise -) ?
If your ISP uses an HTTP proxy, enter its address/IP here. If no proxy is in use, just hit Enter to skip this setting.
ile command line history and TAB completion. Not recommended for less than 10MB of ram. 13 Enable command line history (y/n) [y]?
ile is very handy as it gives you the possibility to scroll back through commands you previously have used. It is enabled by default and I suggest leaving it on. Hit Enter.
If you have 20MB+ of RAM. Then a 4, 8, or 16MB RAM drive will be installed (depending upon system memory). 19 Install a RAM drive (y/n) [n]?
No need for a ramdisk, just accept the default.
Enabling this allows you the option to email log files, the external the external IP address, or even a report.txt to the specified recipient. 53 Enable the mail client (y/n) [n]?
Accept the default by hitting Enter.
If you did not configure your FREESCO to use the DHCP client to configure NETWORK0 (option 627), you are now asked to enter information about your primary DNS. If you told FREESCO to use DHCP, this screen is not shown.
Primary DNS is required, others are optional Primary DNS address (your provider's DNS) ?
Enter the DNS of your ISP if you are told to use one, otherwise just hit Enter.
Dynamic DNS is a service that you can use to get an automatically updated hostname on the Internet for your external IP address. Then a hostname (something like http://I-love-Freesco.dyndns.org) will resolve to your IP address. Please visit www.dyndns.org, www.zoneedit.com, www.dhs.org, domain-dns.com, or www.loopia.se for more information and to create an account. NOTE: Other service providers can also be supported with the new 'unsupported' configuration option. 49 Enable the DynDNS/ZoneEdit/dhs/domain-dns client (y/n) [n]?
While this is a cool feature, leave it off right now.
Changing password for user root (console/ssh administrator). Changing password for root Enter new password:
Here is a very important setting - the password for your 'root' user. The password is limited to 8 characters (you can enter as many characters as you want, but only the first eight are used), so select them carefully. Once you have given the password, you are asked for it again:
Re-type new password:
When you have given the new password the second time, you are notified about the change:
Password changed. The authorized_keys file allows users to login using SSH and not have to use a password. The Openssh client private key is /home/root/.ssh/openssh-id_rsa. The Dropbear client private key is /home/root/.ssh/dropbear-id_rsa. Private keys must be renamed and copied to the /user/.ssh directory on the client OS. Do you want to create a SSH 'authorizeed_keys' file in /home/root/.ssh ?_
This gives you the choice of creating a key to simplify the login process, but we ignore that for now. Type 'n' and hit Enter. Now you continue with changing the admin password:
Changing password for user admin (web control panel administrator). Changing password for user admin New password:
The process here is the same as with 'root', enter the new password and press Enter. Then you are asked to enter the password once again:
Re-type new password:
When you have changed the password for admin, the process is repeated once again but for user ppp.
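The eight-character limit described above, as an added example that is not part of the original tutorial or of FREESCO: it shows what is left of a candidate password once only the first eight characters count, including any digits or symbols that sit in the ignored tail. The function names, the character-class sizes and the sample passwords are assumptions made for this illustration.

```python
import math
import string

MAX_LEN = 8  # from the tutorial: only the first eight characters are used

# Character classes and the alphabet size each one contributes (assumed sizes).
CLASSES = {
    "lowercase": (string.ascii_lowercase, 26),
    "uppercase": (string.ascii_uppercase, 26),
    "digits": (string.digits, 10),
    "symbols": (string.punctuation + " ", 33),
}


def classes_in(text):
    """Names of the character classes that appear in text."""
    return {name for name, (chars, _) in CLASSES.items()
            if any(c in chars for c in text)}


def review(password):
    """Describe what survives once the password is cut to MAX_LEN characters."""
    kept, dropped = password[:MAX_LEN], password[MAX_LEN:]
    kept_classes = classes_in(kept)
    alphabet = sum(CLASSES[name][1] for name in kept_classes)
    # Upper bound for blind guessing over that alphabet; a dictionary word
    # in the kept part is far weaker than this figure suggests.
    bits = len(kept) * math.log2(alphabet) if alphabet else 0.0
    return {
        "effective": kept,
        "ignored": len(dropped),
        "lost_classes": sorted(classes_in(password) - kept_classes),
        "max_bits": round(bits, 1),
    }


def same_to_the_system(a, b):
    """True when two passwords differ only after the eighth character."""
    return a[:MAX_LEN] == b[:MAX_LEN]


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for pw in ("password2008!", "kT7#qz!4", "Router-LAN-side", "Router-LAN-top!"):
        print(pw, review(pw))
    print(same_to_the_system("Router-LAN-side", "Router-LAN-top!"))
```

A non-empty `lost_classes` means the digits or symbols you added are all in the part that is thrown away, so move them into the first eight characters.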
Now you have the possibility to disable the root user:
313a. Disable the 'root' username and create a new super user (y/n) ?
This is a very nice feature. Most (all?) Linuxes come with a default super user named 'root'. This user has full access to the whole system. For an intruder, getting root access is the goal. As the root user exists in almost every system, an intruder does not need to start by guessing a user name. As there probably is a user named 'root', the intruder can focus on guessing the password for this user. This option allows you to disable the root user and create a new super user. This makes it more complicated for an intruder, as s/he now has to guess the name of the super user AND the password. I really recommend disabling the root username, so type "y" and press Enter to create a new super user.
313b. New username (- abort) [root]?
Enter the name of your new super user. Here I use 'qWerTy' as user, but be sure to use something better!
313c. Are you sure you want 'qWerTy' as a root username (- abort) (y/n)?
Type "y" and press Enter to accept the new super user. You are then asked to enter and verify a password for the new user. Once this is done, 'root' can no longer log in to your machine. Instead, 'qWerTy' should be used.
The process of disabling a user is now repeated for the web admin user. This is the user that is used when logging in to the web control panel. This user also has a lot of power so I really recommend disabling the default user:
314a. Disable the 'admin' username and create a new web admin user (y/n) ?
Type "y" to disable the default user ('admin') and to create a new web admin user.
314b. New username (- abort) [admin]?
Enter the name of your new web admin user. Here I use 'AsdfG' as user, but be sure to use something better!
314c. Are you sure you want 'AsdfG' as a web admin username (- abort) (y/n)?
Type "y" and press Enter to accept the new web admin user. You are then asked to enter and verify a password for the new user. Once this is done, 'admin' can no longer access the web control panel of your machine. Instead, 'AsdfG' should be used.
Configuration is now complete. Save settings, restart system and test it. <ENTER> to continue.
Just follow the instructions: press ENTER and you will find yourself in the setup screen. Here you select "s" to save the setup, then press ENTER. Now your setup is saved to your floppy and FREESCO will reboot. Hopefully, FREESCO will come up without problems. If you run into trouble, I recommend taking a look in the FREESCO manual or the FREESCO support forums.
By now you should have a FREESCO with just the most basic services enabled. The system should be solid and stable and also pretty secure. However, there are some additional steps I recommend, see Additional setup and configuration for more information.
Last modified: Tue Apr 15 22:36:36 CEST 2008