I use the following pf.conf file for an internal network that passes through the OpenBSD gateway box, then goes on its way to the external firewall -> then outside. The problem is that packets are often dropped; for example, pinging google.com from the internal network's hosts results in almost 40-50% of the packets dropped... Do you know anything that may be the cause of the problem (i.e. pf timeout settings, queue design errors, passing packets errors, kernel options, etc.)?
Can narrow it down real quick with tcpdump. Use it on both the internal and external interfaces, and make sure the packets appear on both. If they appear on one but not the other, then the machine isn't passing them for some reason. To figure out if it's pf, just disable it (pfctl -d) and see what happens. If it is pf, add log to all of your block rules, and apply tcpdump (use -e) to pflog0. Use pfctl -vvsq to watch the drop counts in the queues. If it isn't pf, the "packets not forwardable" counter in netstat -p ip will at least tell you if the kernel doesn't like routing them. Keep an eye on /var/log/messages for general errors, especially from network hardware.
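
Added example (not part of the original posts): a small shell helper for the "watch the drop counts in the queues" step, turning pfctl -vvsq output into a per-queue drop percentage. The function names, the sample text and the assumed ALTQ-era output layout are illustrative assumptions.

```sh
#!/bin/sh
# Added example: per-queue drop rate from `pfctl -vvsq` output.
# Assumes the ALTQ-era layout: a "queue NAME ..." line followed by
# "[ pkts: N bytes: N dropped pkts: N bytes: N ]".

queue_drops() {
    awk '
    $1 == "queue" {
        name = $2
        if (!(name in seen)) { seen[name] = 1; order[++n] = name }
        next
    }
    /dropped pkts:/ && name != "" {
        # -vv repeats the block every few seconds; the last sample wins.
        for (i = 2; i < NF; i++) {
            if ($i != "pkts:") continue
            if ($(i - 1) == "dropped") drop[name] = $(i + 1)
            else pass[name] = $(i + 1)
        }
    }
    END {
        for (k = 1; k <= n; k++) {
            q = order[k]
            total = pass[q] + drop[q]   # assumes pkts counts passed packets only
            pct = (total > 0) ? 100 * drop[q] / total : 0
            printf "%s %d %d %.1f\n", q, pass[q], drop[q], pct
        }
    }'
}

# Constructed sample, not output from the poster's gateway.
sample_output() {
    cat <<'EOF'
queue root_fxp0 on fxp0 bandwidth 2Mb priority 0 cbq( wrr root ) {std, bulk}
  [ pkts:       9000  bytes:    5400000  dropped pkts:      0 bytes:      0 ]
  [ qlength:   0/ 50  borrows:      0  suspends:      0 ]
queue  std on fxp0 bandwidth 1Mb cbq( default )
  [ pkts:        600  bytes:     360000  dropped pkts:    400 bytes: 240000 ]
  [ qlength:  50/ 50  borrows:      0  suspends:    120 ]
EOF
}

# Columns: queue, passed packets, dropped packets, drop %.
sample_output | queue_drops
```

On the gateway itself, save a few seconds of pfctl -vvsq output to a file and feed that file to queue_drops on stdin; a queue whose drop percentage tracks the observed ping loss is the one to resize.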
