For anyone that is interested I had to make some changes to my IPFilter rules to get everything to work right. Here is the new ipf.rules. I removed the "flags S/AS" from the lines allowing traffic in to port 22, 25, 80, and 443. Some of the FAQs recommended this, but it does not allow a full connection.

#############################
# /etc/ipf.rules
# Dustin Cross, OpenBSD 2.8
# August 1, 2001
#############################

#############################
# Begin Ruleset
#############################

# Block known problem systems to keep logs clean
# block in quick on le0 from xxx.xxx.xxx.xxx to any

# Loopback device rules
pass out quick on lo0
pass in quick on lo0

# Internal interface
pass in quick on hme0
pass out quick on hme0

# BEGIN RULES FOR PIPE TO THE WORLD

# Block frags
block in log quick on le0 all with frags

# Block short tcp packets
block in log quick on le0 proto tcp all with short

# Drop source routed packets
block in log quick on le0 all with opt lsrr
block in log quick on le0 all with opt ssrr

# Deny nmap OS fingerprint attempts
block in log quick on le0 proto tcp from any to any flags FUP

# Do not allow spoofing of private block addresses (in or out)
block in log quick on le0 from 0.0.0.0/8 to any
block in log quick on le0 from 10.0.0.0/8 to any
block in log quick on le0 from 172.16.0.0/12 to any
block in log quick on le0 from 192.168.0.0/16 to any
block out log quick on le0 from any to 0.0.0.0/8
block out log quick on le0 from any to 10.0.0.0/8
block out log quick on le0 from any to 172.16.0.0/12
block out log quick on le0 from any to 192.168.0.0/16

#########################################
# New rules that work
# Punch holes here
pass in log quick on le0 proto tcp from any to le0 port = 22
pass in log quick on le0 proto tcp from any to le0 port = 25
pass in quick on le0 proto tcp from any to le0 port = 80
pass in quick on le0 proto tcp from any to le0 port = 443

########################################
# OLD Rules that don't work
# These rules would might work with "flags S/SA keep state"
# Punch holes here
# Flags S/SA only allows packets with the SYN and SYNACK flags set
# This prevents many forms of portscanning such as FIN scanning
pass in log quick on le0 proto tcp from any to le0 port = 22 flags S/SA
pass in log quick on le0 proto tcp from any to le0 port = 25 flags S/SA
pass in quick on le0 proto tcp from any to le0 port = 80 flags S/SA
pass in quick on le0 proto tcp from any to le0 port = 443 flags S/SA

#####################################
# Allow ICMP ECHO_REPLY (type 0) and ICMP TTL_EXCEEDED (type 11)
pass in log quick on le0 proto icmp from any to le0 icmp-type 0
pass in log quick on le0 proto icmp from any to le0 icmp-type 11

# Block and log specific ports to catch common types of attacks
# RETURN-RST returns reset to give the appearance of no packet filter running and no services running
# RETURN-ICMP-AS-DEST(port-unr) returns port-unreachable to give the appearance of no packet filter and no services running
block return-rst in log quick on le0 proto tcp from any to any port = 21
block return-rst in log quick on le0 proto tcp from any to any port = 22
block return-rst in log quick on le0 proto tcp from any to any port = 23
block return-rst in log quick on le0 proto tcp from any to any port = 25
block return-icmp-as-dest(port-unr) in log quick on le0 proto udp from any to any port = 53
block return-rst in log quick on le0 proto tcp from any to any port = 80
block return-rst in log quick on le0 proto tcp from any to any port = 110
block return-icmp-as-dest(port-unr) in log quick on le0 proto udp from any to any port = 111
block return-rst in log quick on le0 proto tcp from any to any port = 111
block return-rst in log quick on le0 proto tcp from any to any port = 135
block return-rst in log quick on le0 proto tcp from any to any port = 137
block return-rst in log quick on le0 proto tcp from any to any port = 139
block return-rst in log quick on le0 proto tcp from any to any port = 443
block return-icmp-as-dest(port-unr) in log quick on le0 proto udp from any to any port = 514
block return-rst in log quick on le0 proto tcp from any to any port = 515
block return-icmp-as-dest(port-unr) in log quick on le0 proto udp from any to any port = 2049
block return-rst in log quick on le0 proto tcp from any to any port = 2049
block return-rst in log quick on le0 proto tcp from any to any port = 6000

# Deny all inbound traffic by protocol and catch anything that falls through
# RETURN-RST returns reset to give the appearance of no packet filter running and no services running
# RETURN-ICMP-AS-DEST(port-unr) returns port-unreachable to give the appearance of no packet filter and no services running
block return-rst in log quick on le0 proto tcp from any to any
block in log quick on le0 proto icmp from any to any
block return-icmp-as-dest(port-unr) in log quick on le0 proto udp from any to any
block in log quick on le0 from any to any

# Deny access to systems here...
# block out quick on le0 from any to xxx.xxx.xxx.xxx

# Pass out all traffic and keep state to allow it to return
# Flags S ensures state tracking only on the first outbound tcp packet
pass out quick on le0 proto tcp from any to any flags S keep state
pass out quick on le0 proto udp from any to any keep state
pass out quick on le0 proto icmp from any to any keep state

#############################
# End Ruleset
#############################
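The following is an added example, not part of the post above and not IPFilter's own code: a small Python model of how the three variants of the port-22 "punch hole" rule treat an inbound SSH connection. It assumes a simplified IPFilter evaluation order (the state table is consulted before the rule list, and "quick" rules are first-match), treats a bare "flags S" as "S/S", and uses constructed documentation addresses. It shows why a stateless "flags S/SA" pass rule lets only the client's SYN through (the handshake-completing ACK falls to the catch-all block return-rst), why removing the flags fixes the connection but also lets a lone FIN probe reach the port, and how "flags S/SA keep state" keeps both properties.

```python
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Constructed model of IPFilter inbound evaluation (assumption: state table first,
# then first-match "quick" rules).  Not IPFilter's code.


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # subset of the letters F S R P A U, as written in ipf.rules


@dataclass
class Rule:
    action: str                  # "pass" or "block"
    dport: Optional[int] = None  # None matches any destination port
    flags: Optional[str] = None  # ipf syntax such as "S/SA"; None = no flag test
    keep_state: bool = False

    def matches(self, pkt: Packet) -> bool:
        if self.dport is not None and pkt.dport != self.dport:
            return False
        if self.flags is None:
            return True
        want, _, mask = self.flags.partition("/")
        mask = mask or want  # simplification (assumption): "flags S" compared as "S/S"
        # Every flag named in the mask must be set iff it appears in "want", so
        # "S/SA" accepts SYN-only segments and rejects anything carrying ACK.
        return all((f in pkt.flags) == (f in want) for f in mask)


class InboundFilter:
    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.state: Set[Tuple[str, int, str, int]] = set()

    @staticmethod
    def _key(pkt: Packet) -> Tuple[str, int, str, int]:
        return (pkt.src, pkt.sport, pkt.dst, pkt.dport)

    def inbound(self, pkt: Packet) -> str:
        if self._key(pkt) in self.state:
            return "pass(state)"  # matched an entry created by "keep state"
        for rule in self.rules:
            if rule.matches(pkt):
                if rule.action == "pass" and rule.keep_state:
                    self.state.add(self._key(pkt))
                return rule.action
        return "block"  # the ruleset above also ends in an explicit catch-all block


CLIENT, SERVER = "198.51.100.7", "203.0.113.22"  # constructed documentation addresses


def ssh_session(rules: List[Rule]) -> Tuple[List[str], str]:
    """Replay the client side of a handshake to port 22, then a lone FIN probe.

    Returns (verdicts for SYN, ACK, PSH/ACK) and the verdict for the FIN probe.
    """
    fw = InboundFilter(rules)
    session = [
        Packet(CLIENT, 40001, SERVER, 22, "S"),   # client SYN
        Packet(CLIENT, 40001, SERVER, 22, "A"),   # client ACK completing the handshake
        Packet(CLIENT, 40001, SERVER, 22, "PA"),  # first data segment
    ]
    verdicts = [fw.inbound(p) for p in session]
    probe = fw.inbound(Packet(CLIENT, 40002, SERVER, 22, "F"))  # FIN-scan style probe
    return verdicts, probe


# Three variants of the port-22 rule, each followed by the catch-all
# "block return-rst in ... proto tcp from any to any" from the ruleset.
OLD_RULES = [Rule("pass", 22, "S/SA"), Rule("block")]                        # flags S/SA, no state
NEW_RULES = [Rule("pass", 22), Rule("block")]                                # flags removed
STATEFUL_RULES = [Rule("pass", 22, "S/SA", keep_state=True), Rule("block")]  # flags S/SA keep state


def session_completes(rules: List[Rule]) -> bool:
    verdicts, _ = ssh_session(rules)
    return all(v.startswith("pass") for v in verdicts)


if __name__ == "__main__":
    for name, rules in (("old", OLD_RULES), ("new", NEW_RULES), ("stateful", STATEFUL_RULES)):
        verdicts, probe = ssh_session(rules)
        print(f"{name:9s} handshake={verdicts} fin_probe={probe}")
```

Run it and the "old" variant passes the SYN but blocks the ACK, which is the "does not allow a full connection" symptom; the "new" variant passes everything, including the FIN-only probe that the original comment says the flags were meant to stop; the stateful variant passes the whole session through the state table while the probe still hits the block rule, which is the behaviour the "might work with flags S/SA keep state" remark points at.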