I don't understand why you are too lazy to post your updated pf.conf. I you want people to help you, you should help those people
The following two rules are enough to redirect ssh traffic.
Code:
EXT_IF = bge0
set skip on lo0
rdr on $EXT_IF inet proto tcp from any to any port 55555 tag SSH -> 192.168.222.11 port 22
# default policy
block log all
pass in quick on $EXT_IF tagged SSH
When testing redirection there are two issues most people run into:
- Testing from the internal LAN
As explained in http://www.openbsd.dk/faq/pf/rdr.html#reflect accessing the external IP from the internal LAN does not cause redirection to work.
You, or a friend, really needs to test from the Internet side.
- Routing
The default gateway of the box receiving the redirected traffic should be correct.
If you redirect traffic to the internal LAN, the internal NIC of the firewall should be set as the default gateway.
In case you use a DMZ the DMZ NIC of the firewall is the default gateway.
If you forget this, like I did a couple of times, tcpdump will not show any blocked packets. Running tcpdump on the server NIC will even show the packets coming in.The server just doesn't know how to route the it's answer packets.