You only show a PF rule fragment, so these are just guesses:
Guess #1: redirected traffic is blocked; you lack a pass rule for the redirected traffic.
Quote (PF Users Guide):
NOTE: Translated packets must still pass through the filter engine and will be blocked or passed based on the filter rules that have been defined.
Guess #2: the traffic is passed, but the source is sending fragmented packets with the "don't fragment" bit set, which are being dropped by PF traffic normalization due to your scrub rule.
The pflog(4) facility can be used to determine if blocking is occurring. If your problem is due to your "scrub" rule, you can either change the rule and retest, or examine the packets on $ext1 and compare them with packets on $pc1.
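
Added example, not part of the original reply: a pf.conf fragment covering both guesses, written in the older PF syntax that has separate scrub and rdr rules. Only $ext1 comes from the thread; the interface name, the $server macro, its address and port 80 are assumptions made up for illustration.

```pf
# Added example (older PF syntax with separate scrub/rdr rules).
# Interface name, address and port are constructed; only $ext1 is from the thread.
ext1   = "em0"            # external interface (name assumed)
server = "192.168.1.10"   # internal host receiving the redirect (assumed)

# Guess #2: no-df clears the "don't fragment" bit, so scrub accepts
# fragments that arrive with DF set instead of dropping them.
scrub in on $ext1 all no-df

# Translation is evaluated before the filter rules.
rdr on $ext1 proto tcp from any to ($ext1) port 80 -> $server port 80

# Default deny, logged to pflog0 so drops can be watched with:
#   tcpdump -n -e -ttt -i pflog0
block in log on $ext1 all

# Guess #1: the filter sees the packet after translation, so the pass
# rule must match the rewritten destination ($server), not ($ext1).
pass in log on $ext1 proto tcp from any to $server port 80 flags S/SA keep state
```

Running `pfctl -nf /etc/pf.conf` parses the file without loading it, which catches syntax errors before a retest.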