IPFW natd high CPU usage, how to fix?

Hi. I'm very new to FreeBSD and use version 10.1 now. I installed OpenVPN with this tutorial on my server:


After that I installed Apache, MySQL, PHP and Wordpress with these tutorials:



But then my server was very slow. So I checked with top -H and found that natd is using a lot of CPU power, about 70% even in idle mode. I deactivated natd in the rc.conf and the server is running fast again. But now I can't use the server as an OpenVPN gateway. I can connect but no website will load. How can I fix this?
Revise your ipfw(8) configuration, and put all rules dealing with local traffic before any NAT rule.

Anyway, natd is ancient technology, why don't you use the modern in-kernel nat? See ipfw(8) -- NETWORK ADDRESS TRANSLATION (NAT).

Here comes a link to a working example of ipfw/nat for an L2TP/IPsec dial-in VPN server. It should be quite easy to adapt this to OpenVPN -- this is a quite long article, and the firewall is discussed in the middle of it:

see also: http://blog.obsigna.net/?p=500
This is my firewall configuration now, just out of the box after following the above listed three tutorials:

# ipfw list
00050 divert 8668 ip4 from any to any via em0
00100 allow ip from any to any via lo0
00200 deny ip from any to
00300 deny ip from to any
00400 deny ip from any to ::1
00500 deny ip from ::1 to any
00600 allow ipv6-icmp from :: to ff02::/16
00700 allow ipv6-icmp from fe80::/10 to fe80::/10
00800 allow ipv6-icmp from fe80::/10 to ff02::/16
00900 allow ipv6-icmp from any to any ip6 icmp6types 1
01000 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
65000 allow ip from any to any
65535 deny ip from any to any

Can you tell me which rules I should move to which location, please? I will try to adapt your example to my server later. I'm really a beginner.
FWIW I just restart the natd service when it starts to use a lot of CPU. On my home firewall, this means a restart of natd every few months. YMMV
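
A way to check the rule ordering discussed in this thread, as an added example that is not part of any of the posts: the function below reads `ipfw list` output, finds the first divert/nat rule, and reports how many allow rules sit before it and which sit after it. The function name `check_nat_order`, the reordered sample listing, and its port 80 and rule numbers are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. On the server: ipfw list | check_nat_order

check_nat_order() {
    awk '
    $1 !~ /^[0-9][0-9]*$/ { next }      # skip the prompt line and anything unnumbered
    !seen && ($2 == "divert" || $2 == "nat") {
        seen = 1; natrule = $1
        catchall = ($0 ~ /from any to any/)
        printf "first NAT rule: %s (%s), allow rules before it: %d\n", $1, $2, before
        next
    }
    $2 == "allow" {
        if (!seen) before++             # packets accepted here never reach the NAT rule
        else printf "allow rule after NAT rule %s: %s\n", natrule, $0
    }
    END {
        if (!seen) { print "no divert/nat rule found"; exit 0 }
        if (catchall && before == 0) {
            print "WARNING: catch-all NAT rule and nothing is allowed before it"
            exit 1
        }
    }'
}

# Subset of the listing posted above (rules 00200-01000 left out).
sample_posted() {
    cat <<'EOF'
# ipfw list
00050 divert 8668 ip4 from any to any via em0
00100 allow ip from any to any via lo0
65000 allow ip from any to any
65535 deny ip from any to any
EOF
}

# Constructed listing: loopback and the web server's own port 80 traffic
# (port and rule numbers are assumptions) are accepted before in-kernel NAT.
sample_reordered() {
    cat <<'EOF'
00100 allow ip from any to any via lo0
00200 allow tcp from any to me dst-port 80 in via em0
00210 allow tcp from me 80 to any out via em0
01000 nat 1 ip4 from any to any via em0
65000 allow ip from any to any
65535 deny ip from any to any
EOF
}
```

The function exits with status 1 only when the first NAT rule matches `from any to any` and no allow rule precedes it, which is the situation in the posted listing.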