Code:
# --- NAT
nat on $ext_if from !($ext_if)
# --- EXTERNAL interface
# --- OUT
pass out quick on $ext_if all keep state flags S/SA
# -- INTERNAL interface
# --- IN & OUT
pass quick on $int_if all keep state flags S/SA
# default block and log
block log all
This will do NAT for the internal network, only pass out traffic on the external interface, and pass out/in traffic on the internal interface.