For a quick NAT-test, you could try changing the nat-to interface to the external interface and try the following:
Code:
block log all
match out on em0 from 10.0.0.0/24 to any nat-to 172.16.8.13
pass in on em1 from 10.0.0.0/24 keep state
pass out on em0 keep state
edit: Maybe binat is the way to go, however.