Subject: Re: Configuring IPNat
To: None <netbsd-help@netbsd.org>
From: James Webster <James3838@tsi-net.com>
List: netbsd-help
Date: 07/27/1999 09:51:55
Maybe I should have been more specific.  These are just the rules for these
ports.  I have generic rules listed afterwards to handle generic
redirection.

Outbound is to the internet...
Inbound is to my local machine...

I need to allow connections (tcp) originated on port 47624 for 10.0.0.1 to
go out on the internet on port 47624 (like a service).
I need to allow connections (tcp/udp) originated on either the internet or
the local machine on specific ports 2300-2400 and 28800-28912 to map to the
same port range on the other side of the internet.  I don't (think I) need
2400 to map to 2400, just 2400 to map to 2300-2400.

That said, maybe I need the following change:
map ep0 10.0.0.1/0 port 47624 -> 0.0.0.0/32 port 47624
rdr ne1 0.0.0.0/32 tcp/udp port 2300:2400 -> 10.0.0.1/0 tcp/udp port 2300:2400
map ep0 10.0.0.1/0 tcp/udp port 2300:2400 -> 0.0.0.0/32 tcp/udp port 2300:2400
rdr ne1 0.0.0.0/32 tcp/udp port 28800:28912 -> 10.0.0.1/0 tcp/udp port 28800:28912
map ep0 10.0.0.1/0 tcp/udp port 28800:28912 -> 0.0.0.0/32 tcp/udp port 28800:28912

where the inbound rules use rdr to change to the local address (if I
understood Frederick correctly).

Would it be possible to update the man page such that this critical
information is included?  The current format is atrocious and doesn't even
explain the tags used.