home router with internal services available question

rance at frontiernet.net rance at frontiernet.net
Mon Mar 5 05:02:32 UTC 2007


Hello everyone, I'm a new freebsd user (been a linux user for some time, so I'm comfortable with unix-like os structures and the cli).

I'm trying to build a freebsd home router with the pf firewall; all the documentation I'm reading suggests that this is quite possible.

In fact, there are faq-example files in /usr/share/examples/pf that give you MOST of the basic setup stuff that you would need to do this.

I had a basic NAT setup that was almost working. DHCP requests on my LAN were not getting answered by the gateway host.

I looked at the firewall rules and figured it was because there wasn't a specific way to handle port 67 data (it should be handled by the internal interface of the freebsd box).

With the firewall disabled, LAN machines can get an IP address, but can't surf the net; with the firewall enabled they can surf the net, but can't get a dhcp address.

I've googled and can't find anything that specifically addresses this issue.

I searched the list archives and found nothing there.

I'm sure the answer to my question is an exception to the NAT routing rule.

I've tried to work on one of my own, but I keep breaking the whole firewall.

My setup is like this:

internet ---> isp dsl modem with built in firewall ---> freebsd box (as gateway) --> LAN

Right now I'm working with the limited protection of the dsl modem, but want to get the freebsd box working so I can do away with the other router and give the freebsd box my public ip address.


Assume that the pf.conf is a copy of /usr/share/examples/faq-example1 but I don't need the ftp proxy rule, so I commented that out.

I've specified the internal and external interfaces correctly

and I've added a "me" macro for use with the routing rule for dns/dhcp services.

Could someone please explain the "right" way to do this, or point me to the right doc? I'm willing to learn if I can find the right teacher.

Thanks all for your help



More information about the freebsd-pf mailing list