I understand. I guess it's possible to use natd to do that without pf, but I've never tried. pf can do nat by itself (it doesn't need natd).
What I would do:
remove the lines:
Code:
natd_enable="YES"
natd_interface="em0"
natd_flags=""
from your /etc/rc.conf. There should be no reference left to natd.
Then, modify your /etc/pf.conf so that it looks like the following:
Code:
ext_if="re0"
int_if="em0"
int_if_network = $int_if:network
nat on $ext_if inet from $int_if_network to any -> ($ext_if)
pass out quick on $ext_if inet from ($ext_if) to any keep state
pass from $int_if_network to any keep state # not sure this one is necessary, you might try without
If you access the machine remotely via ssh on port 22, don't forget to add the following to your pf.conf (just after the nat rule).
Code:
pass in quick on $ext_if inet proto tcp from any to ($ext_if) port 22
Otherwise you'd lose access to the host.
I would advise rebooting now. That would ensure natd is not running, that pf reloaded all the rules, and that ipfw is not running at the same time from your previous attempts with it.
After reboot you should be able to access the internet from your internal network.
I added "inet" to your rules, so they're rules for IPv4 only. I guess that's what you want since your local network seems to be IPv4 only. (Digression: it's possible to use nat on IPv6 using pf, but you can't use the ($ext_if) parenthesis extension for it; you would need to use $ext_if:0 instead, see https://forums.freebsd.org/threads/...al-scope-of-an-ipv6-address-in-pf-conf.71298/ ).
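A pre-reboot check for the steps in this post, as an added example that is not part of the original post: it confirms the natd lines are gone from rc.conf, that ipfw is off and pf is on, and that pf.conf carries both a nat rule and the inbound ssh rule before you risk locking yourself out. The function names are hypothetical, and the pf_enable and firewall_enable checks are assumptions about the rest of the rc.conf, which the post does not show.

```shell
#!/bin/sh
# Added example: pre-reboot lockout check for the natd -> pf switch.
# Text checks only; run on the real files or on copies of them.

# Succeeds when no active natd_* assignment is left in the rc.conf given as $1.
natd_refs_gone() {
    ! grep -Eq '^[[:space:]]*natd_[a-z_]+=' "$1"
}

# Succeeds when ipfw is not enabled (firewall_enable is the rc.conf knob for ipfw).
ipfw_disabled() {
    ! grep -Eiq '^[[:space:]]*firewall_enable="?YES"?' "$1"
}

# Succeeds when pf is enabled at boot (assumption: pf_enable="YES" in rc.conf).
pf_enabled() {
    grep -Eiq '^[[:space:]]*pf_enable="?YES"?' "$1"
}

# Succeeds when the pf.conf given as $1 has an active nat rule.
nat_rule_present() {
    grep -Eq '^[[:space:]]*nat[[:space:]]+on[[:space:]]' "$1"
}

# Succeeds when pf.conf ($1) passes inbound tcp port 22, in the single-port
# form used in the post ("port 22" or "port ssh"); port lists are not parsed.
ssh_rule_present() {
    grep -Eq '^[[:space:]]*pass[[:space:]]+in[[:space:]].*proto[[:space:]]+tcp[[:space:]].*port[[:space:]]+(22|ssh)([[:space:]]|$)' "$1"
}

# Runs every check, prints one line per failure, returns non-zero if any failed.
# The ssh check only matters when the host is administered remotely.
preflight() {
    rc=${1:-/etc/rc.conf}; pf=${2:-/etc/pf.conf}; failed=0
    natd_refs_gone "$rc"   || { echo "FAIL: natd_* still set in $rc"; failed=1; }
    ipfw_disabled "$rc"    || { echo "FAIL: ipfw enabled in $rc"; failed=1; }
    pf_enabled "$rc"       || { echo "FAIL: pf_enable is not YES in $rc"; failed=1; }
    nat_rule_present "$pf" || { echo "FAIL: no nat rule in $pf"; failed=1; }
    ssh_rule_present "$pf" || { echo "FAIL: no inbound ssh pass rule in $pf"; failed=1; }
    return "$failed"
}

# Runs only when both paths are given: sh preflight.sh /etc/rc.conf /etc/pf.conf
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

On the host itself, `pfctl -nf /etc/pf.conf` parses the ruleset without loading it, which catches syntax errors these text checks cannot.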