####################################
#### Options and optimizations #####
####################################

....

# Scrub traffic (SIP)
scrub on $ext_if all no-df fragment reassemble
#scrub on $ext_if all

# ALTQ (5Mbit upload)
altq on $ext_if codelq bandwidth 5000Kb queue

#######################
#### NAT & Proxies ####
#######################

....

# Anchors needs to be set after nat/rdr-anchor
# Same as above regarding miniupnpd
anchor "ftp-proxy/*"
# anchor "miniupnpd"

# My services (on another box/ip)
rdr pass on $ext_if inet proto tcp from any to ($ext_if) port 12221 -> 192.168.1.20
rdr pass on $ext_if inet proto tcp from any to ($ext_if) port 12222 -> 192.168.1.20 port 12223

################################
#### Rules inbound (ext_if) ####
################################

...

# Allow FTPs to connect to our FTP-proxy
pass in quick on $ext_if inet proto tcp to ($ext_if) port ftp-data user proxy

# Allow SSH from remote site
pass in quick on $ext_if inet proto tcp from 10.10.10.10 to ($ext_if) port 22