Networking Help
 
  #1  
Old October 8th, 2003, 05:11 AM
Dan1
Hello. I wonder if you can help me please.

Hi there.
I hope you can help.
I'm having a nightmare trying to get this sorted, and the more reading I do, the more I confuse myself. I have been to the FreeBSD handbook many, many times. But can you just confirm I have the right idea here please?

I have a business cable connection, which is connected directly to an Ethernet on my FreeBSD box which is running 4.8-RELEASE. The modem it's using is a Samsung SCM140.
I have been fortunate to obtain a Toshiba 2450-S402 P4 laptop. I wish to allow the laptop to use the same connection.

The laptop needs no ports open, as it's just for me to access the net. The FreeBSD box, however, is a webserver.

Ok, so I started the reading.

I know I must place a new NIC in the FreeBSD box.
Then I need to load the IPFIREWALL and IPDIVERT modules; I read that the way to do this was to edit /usr/src/sys/i386/conf/GENERIC

and add:

options IPFIREWALL
options IPDIVERT

and then re-compile the kernel via:

cd /usr/src
make buildkernel KERNCONF=dan
make installkernel KERNCONF=dan

Then I read I had to add the following to /etc/rc.conf:
gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="sis0"
natd_flags=""

And then I read that I had to assign the FreeBSD box and the laptop private IPs, preferably something like
FreeBSD box private IP: 192.168.0.1, Windows box: 192.168.0.2.
I couldn't find any info on how to do this.

How near am I to understanding this, and what else do I need to do PLEASE?
If you can guide me, it'd be much appreciated.
With advance thanks!

  #2  
Old October 8th, 2003, 07:18 PM
Dan1
Ok. Hopefully this will be the last time I annoy you guys!
I really appreciate the information you've given me.
Excuse the idiot's guide I've done below, but this is what I'm *sure*, after all the reading, that I have to do.
Fortunately, while I kindly wait for your confirmation (please!!!) I had to order a new crossover cable which will be delivered.

FYI: sis0 is the Ethernet connected to the business cable modem, sis1 is the new Ethernet which will connect to the laptop.

Here's what I believe I should do:

1. Place a new NIC in the FreeBSD box.

2. Load the IPFIREWALL and IPDIVERT modules, by adding to /usr/src/sys/i386/conf/GENERIC:

options IPFIREWALL
options IPDIVERT

cd /usr/src
make buildkernel KERNCONF=GENERIC
make installkernel KERNCONF=GENERIC

3. Add the following to /etc/rc.conf:

gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="sis0"
natd_flags=""
firewall_script="/etc/firewall/fwrules"

Also, add:

ifconfig_sis1="inet 192.168.0.1 netmask 255.255.255.0"

4. ifconfig sis1 inet 192.168.0.1/24

On the laptop (WinXP), set IP: 192.168.0.2, subnet 255.255.255.0, default gateway 192.168.0.1 and nameservers.

And finally, my fwrules:

# Define the firewall command (as in /etc/rc.firewall) for easy
# reference. Helps to make it easier to read.
fwcmd="/sbin/ipfw"

# Force a flushing of the current rules before we reload.
$fwcmd -f flush

# Divert all packets through the tunnel interface.
$fwcmd add divert natd all from any to any via sis0

# Allow all connections that have dynamic rules built for them,
# but deny established connections that don't have a dynamic rule.
# See ipfw(8) for details.
$fwcmd add check-state
$fwcmd add deny tcp from any to any established

# Allow all localhost connections
$fwcmd add allow tcp from me to any out via lo0 setup keep-state
$fwcmd add deny tcp from me to any out via lo0
$fwcmd add allow ip from me to any out via lo0 keep-state

# Allow all connections from my network card that I initiate
$fwcmd add allow tcp from me to any out xmit any setup keep-state
$fwcmd add deny tcp from me to any
$fwcmd add allow ip from me to any out xmit any keep-state

# Everyone on the Internet is allowed to connect to the following
# services on the machine. This example specifically allows connections
# to sshd and a webserver.
$fwcmd add allow tcp from any to me dst-port 80,25,22 in recv any setup keep-state

# This sends a RESET to all ident packets.
$fwcmd add reset log tcp from any to me 113 in recv any

# Enable ICMP: remove type 8 if you don't want your host to be pingable
$fwcmd add allow icmp from any to any icmptypes 0,3,8,11,12,13,14

# Deny all the rest.
$fwcmd add deny log ip from any to any

Do you believe all that is correct?
I just have one problem ...
I tried running the IPFW script, and as soon as I did, no outsider could connect to port 80, even though I restarted apachectl. As soon as I disabled those rules, it worked.
I cannot see what is actually wrong with the rules, so if you can guide me on that - it'd be much appreciated.

Thanks again for your assistance.
It's much appreciated.

Reply With Quote
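Every allow rule in the posted script matches only `me`, so a packet from the laptop arriving on sis1 matches nothing before the final deny. The following is an added example, not the poster's script and not taken from the FreeBSD handbook: a gateway ruleset for the same topology that keeps the divert/check-state ordering and adds stateful rules for the inside interface. It assumes sis0 is the outside interface, sis1 the inside one and 192.168.0.0/24 the LAN, as in the post; `FWCMD`, `OIF`, `IIF`, `LAN` and `emit_rules` are names chosen for this example.

```shell
#!/bin/sh
# Added example: NAT gateway ruleset for the thread's topology.
# FWCMD defaults to a dry run that prints each rule instead of loading it.
FWCMD="${FWCMD:-echo ipfw}"
OIF="sis0"               # outside interface (cable modem), from the post
IIF="sis1"               # inside interface (laptop), from the post
LAN="192.168.0.0/24"     # private network, from the post

emit_rules() {
    $FWCMD -f flush

    # Loopback traffic never leaves the box.
    $FWCMD add allow ip from any to any via lo0

    # NAT first: inbound packets are de-aliased and outbound packets are
    # aliased before any stateful rule looks at their addresses.
    $FWCMD add divert natd all from any to any via $OIF

    # Packets belonging to tracked flows pass here; any other
    # established TCP segment is dropped.
    $FWCMD add check-state
    $FWCMD add deny tcp from any to any established

    # LAN clients: new flows entering on the inside interface.
    # Without these, forwarded laptop traffic falls to the final deny.
    $FWCMD add allow tcp from $LAN to any in recv $IIF setup keep-state
    $FWCMD add allow udp from $LAN to any in recv $IIF keep-state

    # The gateway's own flows, and LAN flows after natd has rewritten
    # their source to the public address (which is "me").
    $FWCMD add allow tcp from me to any out setup keep-state
    $FWCMD add allow udp from me to any out keep-state

    # Public services on the gateway: ssh, smtp, http.
    $FWCMD add allow tcp from any to me 22,25,80 in recv $OIF setup keep-state

    # ICMP types as in the post; drop 8 to stop answering pings.
    $FWCMD add allow icmp from any to any icmptypes 0,3,8,11,12,13,14

    # Default deny, logged.
    $FWCMD add deny log ip from any to any
}

emit_rules
```

Run as is, the script only prints the rules; set `FWCMD=/sbin/ipfw` to load them.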