Category: BSD

2005-05-18 11:13:32

This article describes how to set up a company gateway with a firewall (FreeBSD with ipfilter and ipnat); it does not cover installing FreeBSD itself.

1. Install FreeBSD

...

2. Configure /etc/rc.conf


# -- sysinstall generated deltas -- # Wed Dec 22 22:31:09 2004
# Created: Wed Dec 22 22:31:09 2004
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
#
# Every run of sysinstall appends another "deltas" block with its own copy of
# these header comments, and because rc.conf is sourced by sh the last
# assignment of a variable wins. The blocks (Dec 22 2004 to Mar 6 2005) are
# collapsed here into one, keeping only the effective values.
gateway_enable="YES"
# Started at 3, lowered to 1 by a later sysinstall run.
kern_securelevel="1"
kern_securelevel_enable="YES"

rpcbind_enable="NO"
linux_enable="YES"
sshd_enable="YES"
# Enabled at first, switched off in a later run.
usbd_enable="NO"
nfs_reserved_port_only="NO"

# fxp0 faces the Internet, rl0 faces the LAN
network_interfaces="fxp0 rl0 lo0"
ifconfig_fxp0="inet 1.1.1.2 netmask 255.255.255.252"
ifconfig_rl0="inet 192.1.1.1 netmask 255.255.255.0"

defaultrouter="1.1.1.1"
## enable ipfirewall (ipfw): left disabled, ipfilter is used instead
#firewall_enable="YES"
#firewall_script="/etc/ipfw.rules"
#firewall_logging="YES"
##### end ipfirewall
## enable ipfilter
ipfilter_enable="YES"
ipfilter_rules="/etc/ipf.rules"
ipmon_enable="YES"
# The variable is ipmon_flags (the original file had "ipmon_flag", which the rc
# scripts ignore; -Ds is also the default): -D run as a daemon, -s log via syslog
ipmon_flags="-Ds"
ipnat_enable="YES"
ipnat_rules="/etc/ipnat.rules"
##### end ipfilter

3. Configure /etc/ipf.rules

###### /etc/ipf.rules #############################################################
###### Version 1.0 ################################################################
###### No restrictions on the loopback interface lo0 ##############################
# All packets leaving through lo0 may pass
pass out quick on lo0 all
# All packets arriving on lo0 may pass
pass in quick on lo0 all

###### No restrictions on the LAN interface rl0 ###################################
# All packets leaving through rl0 (towards the LAN) may pass
pass out quick on rl0 all
# All packets arriving on rl0 (from the LAN) may pass
pass in quick on rl0 all

###### Allow tcp/udp/icmp packets out of the Internet interface and let the ######
###### replies of those sessions back in (keep state) #############################
pass out quick on fxp0 proto tcp from any to any flags S keep state
pass out quick on fxp0 proto udp from any to any keep state
pass out quick on fxp0 proto icmp from any to any keep state

###### Block fragments, short tcp packets, nmap OS fingerprint attempts, IP #######
###### options, source-routed packets, public pings and ident #####################
block in quick on fxp0 all with frags
block in quick on fxp0 all with short
## Log the first nmap OS fingerprint attempt (FIN+URG+PSH never occurs in a
## legitimate session)
block in log first quick on fxp0 proto tcp from any to any flags FUP
block in quick on fxp0 all with ipopts
block in quick on fxp0 all with opt lsrr
block in quick on fxp0 all with opt ssrr
# No ICMP echo requests from the Internet
block in quick on fxp0 proto icmp all icmp-type 8
# No ident (auth) lookups
block in quick on fxp0 proto tcp from any to any port = 113

###### Block all NetBIOS services: 137=name, 138=datagram, 139=session, 445=SMB ###
###### NetBIOS is the MS Windows sharing service; comment these out to allow it ###
###### (they are already covered by the final block-all rule). ipf does not #######
###### expand $WAN_IF by itself: replace it with fxp0 or generate the file from ###
###### a shell script. ############################################################
#block in log first quick on $WAN_IF proto tcp/udp from any to any port = 137
#block in log first quick on $WAN_IF proto tcp/udp from any to any port = 138
#block in log first quick on $WAN_IF proto tcp/udp from any to any port = 139
#block in log first quick on $WAN_IF proto tcp/udp from any to any port = 445
#block in log first quick on $WAN_IF proto tcp/udp from any to any port = 81

###### Block all inbound traffic from non-routable or reserved source addresses ###
# RFC 1918 private ranges
block in quick on fxp0 from 192.168.0.0/16 to any
block in quick on fxp0 from 172.16.0.0/12 to any
block in quick on fxp0 from 10.0.0.0/8 to any
# Loopback
block in quick on fxp0 from 127.0.0.0/8 to any
# "This" network (RFC 1122); never a valid source address on the wire
block in quick on fxp0 from 0.0.0.0/8 to any
# Link-local / DHCP auto-configuration
block in quick on fxp0 from 169.254.0.0/16 to any
# Class D (multicast) and class E (reserved): 224.0.0.0 to 255.255.255.255
block in quick on fxp0 from 224.0.0.0/3 to any

###### Allow in www, SCP/SSH ######################################################
# Stateless: every inbound packet to these ports matches, not only the SYN;
# "flags S keep state" would admit only new connections and track them.
pass in quick on fxp0 proto tcp from any to any port = 22
pass in quick on fxp0 proto tcp from any to any port = 80
###### Ports redirected to the internal server by /etc/ipnat.rules. ipnat #########
###### translates inbound packets before ipf filters them, so the rewritten #######
###### packets (destination 192.1.1.2) need pass rules here as well, or the ######
###### block-all rule below drops them. ###########################################
pass in quick on fxp0 proto tcp from any to 192.1.1.2 port = 443
pass in quick on fxp0 proto tcp from any to 192.1.1.2 port = 25

###### This rule enforces block-all by default ####################################
block in quick on fxp0 all

###### The end of this rule file ##################################################

4. Configure /etc/ipnat.rules

###### /etc/ipnat.rules ########################################################
###### ipf nat examples ########################################################
### Use " ipnat -CF -f /etc/ipnat.rules " to reload the NAT rules ##############
### (the file name must match ipnat_rules in /etc/rc.conf) #####################

## Mapping many LAN addresses into a single public address ####################
## dc0 = the name of the interface facing the public Internet
## 0/32 = use whatever address is configured on that interface
# map dc0 10.0.10.1/29 -> 0/32
# map dc0 10.0.10.1/29 -> 0/32 portmap tcp/udp 20000:60000
# map dc0 10.0.10.1/29 -> 0/32 portmap tcp/udp auto

## Mapping many LAN addresses into a pool of static public addresses ##########
# map dc0 10.0.10.1/29 -> 20.20.20.0/24 portmap tcp/udp 20000:60000
# map dc0 10.0.10.1/29 -> 20.20.20.0/24 portmap tcp/udp auto
# map dc0 10.0.10.1/29 -> 20.20.20.0-20.20.20.7

## Directing traffic to LAN servers (redirection uses rdr, not map) ###########
# rdr dc0 20.20.20.5/32 port 80 -> 10.0.10.25 port 80
# rdr dc0 0.0.0.0/0 port 80 -> 10.0.10.25 port 80
# rdr dc0 20.20.20.5/32 port 53 -> 10.0.10.33 port 53 udp

## FTP special NAT handling ###################################################
# map dc0 10.0.10.0/29 -> 0/32 proxy port 21 ftp/tcp
# map dc0 0.0.0.0/0 -> 0/32 proxy port 21 ftp/tcp
# map dc0 10.0.10.0/29 -> 0/32

## FTP filter rules (these are ipf rules and belong in /etc/ipf.rules, on the
## Internet interface) ########################################################
## Only one filter rule is needed for FTP if the NAT FTP proxy is used ########
## Allow out LAN PC client FTP to the public Internet
## Active and passive modes.
# pass out quick on rl0 proto tcp from any to any port = 21 flags S keep state
## Three filter rules are needed for FTP if no proxy is used ##################
## Allow out LAN PC client FTP to the public Internet #########################
## Active and passive modes. ##################################################
# pass out quick on rl0 proto tcp from any to any port = 21 flags S keep state
## Allow out passive mode data channel high order port numbers ################
# pass out quick on rl0 proto tcp from any to any port > 1024 flags S keep state
## Active mode: let the data channel in from the FTP server ###################
# pass in quick on rl0 proto tcp from any to any port = 20 flags S keep state
## Get rid of possible FTP NAT proxy bug ######################################
###### End of example ipf nat rules ###########################################

## Leftover examples from an earlier address plan #############################
#rdr fxp0 192.168.12.233/32 port 80 -> 192.168.12.4 port 80
## peer to peer (one-to-one) map ##############################################
#bimap fxp0 192.168.12.233/32 -> 192.168.12.4/32

## Active rules for this gateway ##############################################
# Hide the whole LAN (192.1.1.0/24 on rl0) behind the public address of fxp0
map fxp0 192.1.1.1/24 -> 1.1.1.2/32
# Publish the internal server 192.1.1.2 on the public address: HTTPS and SMTP.
# ipnat rewrites these inbound packets before ipf filters them, so
# /etc/ipf.rules must also pass in tcp to 192.1.1.2 ports 443 and 25.
rdr fxp0 1.1.1.2/32 port 443 -> 192.1.1.2 port 443
rdr fxp0 1.1.1.2/32 port 25 -> 192.1.1.2 port 25
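To check a policy like the one above offline before loading it, here is an added example (not from the original post) of a small first-match evaluator for the subset of ipf syntax the ruleset uses; the embedded rules are a constructed excerpt of the post's /etc/ipf.rules and the packets are constructed as well. It also shows why the port 443 and 25 redirects in /etc/ipnat.rules need matching pass in rules: ipnat translates inbound packets before ipf sees them, so without such rules the final block-all drops them.

```python
import ipaddress
# Constructed subset of the /etc/ipf.rules from this post, in the post's order.
RULES = """\
pass out quick on fxp0 proto tcp from any to any flags S keep state
block in quick on fxp0 all with frags
block in log first quick on fxp0 proto tcp from any to any flags FUP
block in quick on fxp0 proto tcp from any to any port = 113
block in quick on fxp0 from 192.168.0.0/16 to any
pass in quick on fxp0 proto tcp from any to any port = 22
pass in quick on fxp0 proto tcp from any to any port = 80
block in quick on fxp0 all
"""
def parse_rule(line):
    """Parse the ipf syntax subset used above into a dict ('keep state' is ignored)."""
    t = line.split()
    r = {"action": t[0], "dir": t[1], "quick": "quick" in t, "iface": t[t.index("on") + 1],
         "proto": None, "src": "any", "dst": "any", "dport": None, "flags": None, "with": None}
    for i, w in enumerate(t):
        if w == "proto": r["proto"] = t[i + 1]
        elif w == "from": r["src"] = t[i + 1]
        elif w == "to": r["dst"] = t[i + 1]
        elif w == "port": r["dport"] = int(t[i + 2])    # only the "port = N" form
        elif w == "flags": r["flags"] = set(t[i + 1])    # default mask: exact flag set
        elif w == "with": r["with"] = t[i + 1]           # frags / short / ipopts
    return r
def _addr_ok(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)
def matches(r, p):
    # p is a packet dict: dir, iface, proto, src, dst and optional dport/flags/frags/...
    return (r["dir"] == p["dir"] and r["iface"] == p["iface"]
            and r["proto"] in (None, p["proto"])
            and _addr_ok(r["src"], p["src"]) and _addr_ok(r["dst"], p["dst"])
            and r["dport"] in (None, p.get("dport"))
            and r["flags"] in (None, p.get("flags", set()))
            and (r["with"] is None or p.get(r["with"], False)))

def verdict(ruleset, p):
    """ipf semantics: a matching 'quick' rule ends evaluation at once; otherwise the
    last match wins; with no match at all the default policy (pass) applies."""
    result = "pass (default)"
    for n, r in enumerate(map(parse_rule, ruleset.strip().splitlines()), 1):
        if matches(r, p):
            result = f"{r['action']} @{n}"
            if r["quick"]: break
    return result

def inbound_tcp(src, dport, flags="S", **extra):
    """TCP packet arriving on the Internet side (fxp0) for the gateway, constructed."""
    return {"dir": "in", "iface": "fxp0", "proto": "tcp", "src": src, "dst": "1.1.1.2",
            "dport": dport, "flags": set(flags), **extra}
```

Running verdict() over the post's real file (after dropping the "with opt" and icmp-type lines the parser does not know) gives the same first-match answers ipf would, which is enough to catch a misplaced rule before it reaches the gateway.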

5. Configure /etc/ssh/sshd_config

Uncomment the PermitRootLogin line and set it to:

PermitRootLogin yes

Note that the ruleset above passes port 22 in from any Internet address, so this exposes the root account itself to password guessing. Logging in as an unprivileged user and using su, or allowing root only with keys (PermitRootLogin without-password), keeps the convenience with less exposure.

6. Reload configuration

Reboot the box so that rc.conf, /etc/ipf.rules and /etc/ipnat.rules are all loaded together. After later edits the rules can also be reloaded without a reboot: ipf -Fa -f /etc/ipf.rules for the filter rules and ipnat -CF -f /etc/ipnat.rules for the NAT rules.
