You can use this as a skeleton
Code:
EXT=re0
INT=bge0
TCPservices = "{ www https ssh }"
UDPservices = "{ domain ntp }"
set skip on lo0
# --- NAT/RDR section
nat on $EXT from ! $EXT to any -> ($EXT)
# --- Default policy
block log all
# -- EXTERNAL interface out
pass out quick on $EXT inet proto tcp tagged OUT_ok
# -- INTERNAL interface in
pass in quick on $INT inet proto tcp from $INT:network to any port $TCPservices tag OUT_ok
pass in quick on $INT inet proto tcp from $INT:network to any port $UDPservices tag OUT_ok
A test load
Code:
EXT = "re0"
INT = "bge0"
TCPservices = "{ www https ssh }"
UDPservices = "{ domain ntp }"
set skip on { lo0 }
@0 nat on re0 inet from ! 192.168.222.20 to any -> (re0) round-robin
@0 block drop log all
@1 pass out quick on re0 inet proto tcp all flags S/SA keep state tagged OUT_ok
@2 pass in quick on bge0 inet proto tcp from 10.0.0.0/8 to any port = www flags S/SA keep state tag OUT_ok
@3 pass in quick on bge0 inet proto tcp from 10.0.0.0/8 to any port = https flags S/SA keep state tag OUT_ok
@4 pass in quick on bge0 inet proto tcp from 10.0.0.0/8 to any port = ssh flags S/SA keep state tag OUT_ok
@5 pass in quick on bge0 inet proto tcp from 10.0.0.0/8 to any port = domain flags S/SA keep state tag OUT_ok
@6 pass in quick on bge0 inet proto tcp from 10.0.0.0/8 to any port = ntp flags S/SA keep state tag OUT_ok
Are you using PPPoE ?