I have CONSOLE in console; key in as few rules as possible, then add one at a time to make it functional.

ipfw -q nat 1 config ip pub_ip_1.2.3.4 same_ports unreg_only reset \
    redirect_port udp 10.0.0.1:53 53 \
    redirect_port tcp 10.0.0.2:8080 8080
ipfw add 10 check-state
ipfw add 00100 allow ip from 10.0.0.0/24 to 10.0.0.0/24 check-state
ipfw add 00101 nat 1 ip from 10.0.0.0/24 to any out keep-state
ipfw add 00102 nat 1 ip from not 10.0.0.0/24 to $pub_ip in check-state
ipfw add 65534 deny log all from any to any via $pub_nic