Do you really want to expose your SQL Server through your firewall - especially on the default port? You'll have to configure the firewall to open whatever port that you want to expose SQL Server through.
Did you change the default sa password? <s>
What about letting the users access resource through a VPN?
-Mike