NetBSD-Users archive

Configure NetBSD as a gateway for LAN hosts



Hello!
Thanks to your suggestions for a NIC (in particular, thanks to Martin:
Realtek worked), I configured a second NIC in a NetBSD 9.0 (release)
machine.
I would like to use it as a 1) gateway and 2) DHCP server, but didn't
find much documentation as regards problem 1).

Assume that the machine's hostname is netbsd_gateway and its two NICs
are NIC1 and NIC2.

My intention is to create two subnets: subnet1 for all the LAN hosts,
including NIC1, and subnet2 just for NIC2 and the modem. This second
subnet should never be directly accessible from the LAN hosts.

At the moment, netbsd_gateway should simply forward the packets
(sent from LAN hosts to the external internet) to the modem and the
packets from the modem (coming from internet) to the proper LAN
destination host.

(As a further step, I would like to use a traffic shaping tool, to tweak
the available bandwidth and priority for single hosts, but this is a
separate problem).

IIUC, some preliminary operations are:

- put `net.inet.ip.forwarding=1' in /etc/sysctl.conf;
- put `gateway_enable="YES"' in /etc/rc.conf.

But then I don't know how to proceed. Which is the correct approach?
Should I use npf? I found that /usr/share/examples/npf/l2tp_gw-npf.conf
depicts something similar to what I'm trying to do, but it includes
several filterings and protocols.
Should I build a bridge? And how do I configure the routing tables?

I'm aware that these are many questions.
Of course, if anyone knows about a tutorial or guide, it's hugely
welcome!

Thank you in any case,

Rocky

