solution: pf with multiple external interfaces for incoming and going traffic.

Leon Botes leon at trusc.net
Sun Feb 26 03:54:28 PST 2006


I am posting this solution in the hope that it might help someone else 
that has been searching for the answer to running multiple external 
interfaces and wishes to load balance outgoing private lan traffic and 
also have all these interfaces available for incoming connections to a 
dmz server. I claim no credit for this since it is a formulation of many 
posts to various mailing lists.

example:
## NAT section
# Standard natting for outgoing connections.
nat on $ext_if1 from {$private_net, $dmz_srv} to any -> $ext_if1_ip
nat on $ext_if2 from {$private_net, $dmz_srv} to any -> $ext_if2_ip
nat on $ext_if3 from {$private_net, $dmz_srv} to any -> $ext_if3_ip

# These rdr rules send the incoming connections on the ext_if's to the
# dmz server.
rdr on $ext_if1 inet proto tcp from any to $ext_if1_ip port { 25, 80, 110 } -> $dmz_srv
rdr on $ext_if2 inet proto tcp from any to $ext_if2_ip port { 25, 80, 110 } -> $dmz_srv
rdr on $ext_if3 inet proto tcp from any to $ext_if3_ip port { 25, 80, 110 } -> $dmz_srv

# This rdr rule sends traffic from the lan destined for services on the
# ext interfaces to the dmz, since the previous rdr rules will have no effect
# on connections arriving on $int_if.
rdr on $int_if inet proto tcp to {$ext_if1_ip, $ext_if2_ip, $ext_if3_ip} port { 80, 25, 110 } -> $dmz_srv

## RULES section
# The following rules ensure that traffic incoming on the various
# interfaces is routed back out the same interface it arrived on.
# Each reply-to pair names the interface the packet arrived on and that
# interface's own upstream router.
pass in quick on $ext_if1 reply-to ( $ext_if1 $ext_if1_router ) inet proto tcp from any to $dmz_srv port { 25, 80, 110 } flags S/SA keep state
pass in quick on $ext_if2 reply-to ( $ext_if2 $ext_if2_router ) inet proto tcp from any to $dmz_srv port { 25, 80, 110 } flags S/SA keep state
pass in quick on $ext_if3 reply-to ( $ext_if3 $ext_if3_router ) inet proto tcp from any to $dmz_srv port { 25, 80, 110 } flags S/SA keep state

# Now to load balance the outgoing traffic. The previous sections are not
# needed if you do not accept incoming connections.
pass in on $int_if route-to { ($ext_if1 $ext_if1_router), ($ext_if2 $ext_if2_router), ($ext_if3 $ext_if3_router) } round-robin from $private_net to any keep state

# The following ensure that packets originating from the lan are routed
# out the correct interface. Although I have found my setup works fine
# without these, the pf gurus recommend it.
pass out on $ext_if1 route-to ($ext_if2 $ext_if2_router) from $ext_if2 to any
pass out on $ext_if1 route-to ($ext_if3 $ext_if3_router) from $ext_if3 to any
pass out on $ext_if2 route-to ($ext_if1 $ext_if1_router) from $ext_if1 to any
pass out on $ext_if2 route-to ($ext_if3 $ext_if3_router) from $ext_if3 to any
pass out on $ext_if3 route-to ($ext_if1 $ext_if1_router) from $ext_if1 to any
pass out on $ext_if3 route-to ($ext_if2 $ext_if2_router) from $ext_if2 to any

Be advised that there could be errors as this was typed in a rush and 
adapted from our own ruleset for the sake of ease of reading.
-- 
Regards
Leon Botes
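A small consistency check for a ruleset of this shape, added here as an example and not part of Leon's post: it walks every `( $interface $gateway )` pair used by `route-to` and `reply-to` and flags a pair whose gateway macro does not belong to that interface, and any `pass in` rule whose `reply-to` names an interface other than the one in its `on` clause, since either mistake silently sends replies for one uplink out through another. It assumes the post's naming convention (`$ext_ifN` paired with `$ext_ifN_router`) and uses a constructed excerpt in which the third reply-to pair is deliberately mismatched.

```python
import re

# Constructed excerpt in the style of the post (example data, not the
# author's file); the third reply-to line deliberately pairs $ext_if3
# with $ext_if1_router so the checker has something to report.
SAMPLE_RULES = """\
pass in quick on $ext_if1 reply-to ( $ext_if1 $ext_if1_router ) inet proto tcp from any to $dmz_srv port { 25, 80, 110 } flags S/SA keep state
pass in quick on $ext_if2 reply-to ( $ext_if2 $ext_if2_router ) inet proto tcp from any to $dmz_srv port { 25, 80, 110 } flags S/SA keep state
pass in quick on $ext_if3 reply-to ( $ext_if3 $ext_if1_router ) inet proto tcp from any to $dmz_srv port { 25, 80, 110 } flags S/SA keep state
pass in on $int_if route-to { ($ext_if1 $ext_if1_router), ($ext_if2 $ext_if2_router), ($ext_if3 $ext_if3_router) } round-robin from $private_net to any keep state
pass out on $ext_if1 route-to ($ext_if2 $ext_if2_router) from $ext_if2 to any
"""

# "( $iface $gateway )" pairs as written inside route-to / reply-to
PAIR_RE = re.compile(r"\(\s*\$(\w+)\s+\$(\w+)\s*\)")
# "pass in ... on $iface ... reply-to ( $iface2 $gw"
REPLY_RE = re.compile(
    r"^pass\s+in\b.*\bon\s+\$(\w+)\b.*\breply-to\s*\(\s*\$(\w+)\s+\$(\w+)")


def check_next_hops(ruleset, gw_suffix="_router"):
    """Lint the (interface gateway) pairs of a pf ruleset.

    Assumes the naming convention of the post: the upstream router macro
    for $ext_ifN is $ext_ifN<gw_suffix>. Comment and blank lines are
    skipped. Returns a list of (line_no, problem) tuples, empty if clean.
    """
    findings = []
    for line_no, line in enumerate(ruleset.splitlines(), 1):
        rule = line.strip()
        if not rule or rule.startswith("#"):
            continue
        # every gateway must be the router of the interface it is paired with
        for iface, gw in PAIR_RE.findall(rule):
            if gw != iface + gw_suffix:
                findings.append((line_no, f"gateway ${gw} does not belong to ${iface}"))
        # reply-to must name the interface the rule is matching on
        m = REPLY_RE.match(rule)
        if m and m.group(1) != m.group(2):
            findings.append((line_no, f"reply-to uses ${m.group(2)} but rule is on ${m.group(1)}"))
    return findings


if __name__ == "__main__":
    for line_no, problem in check_next_hops(SAMPLE_RULES):
        print(f"line {line_no}: {problem}")
```

Run it against a pf.conf after macro names are settled; a clean file produces no output.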



More information about the freebsd-questions mailing list