Although I could not test, the following snippet using tags should do it.
Code:
EXT = xl0
INT = rl0
nat on $EXT from 192.168.1.0/24 to any -> ($EXT)
nat on $EXT from 192.168.2.0/24 to any -> ($EXT)
rdr on $EXT inet proto tcp to $EXT port 666 tag RDR_OK -> 192.168.1.20
block log all
pass in quick on $EXT tagged RDR_OK
pass out quick on $INT tagged RDR_OK
On my test machine (just a syntax test), this will expand to:
Code:
# pfctl -vvnf labels-rdr
EXT = "xl0"
INT = "rl0"
@0 nat on xl0 inet from 192.168.1.0/24 to any -> (xl0) round-robin
@1 nat on xl0 inet from 192.168.2.0/24 to any -> (xl0) round-robin
@2 rdr on xl0 inet proto tcp from any to 10.0.0.200 port = 666 tag RDR_OK -> 192.168.1.20
@0 block drop log all
@1 pass in quick on xl0 all flags S/SA keep state tagged RDR_OK
@2 pass out quick on rl0 all flags S/SA keep state tagged RDR_OK
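
Added example, not part of the original post: with `block log all` as the default, a tag set by the `rdr` rule only lets traffic through if a `pass ... tagged` rule exists for both the inbound and the outbound leg. The Python sketch below checks that pairing on expanded `pfctl -vvnf` output; the function name `audit_tags` and the simplified parsing (no `! tagged`, no anchors) are assumptions of this example.

```python
import re

# The expanded ruleset from the post's pfctl -vvnf output, embedded as sample input.
EXPANDED = """\
@0 nat on xl0 inet from 192.168.1.0/24 to any -> (xl0) round-robin
@1 nat on xl0 inet from 192.168.2.0/24 to any -> (xl0) round-robin
@2 rdr on xl0 inet proto tcp from any to 10.0.0.200 port = 666 tag RDR_OK -> 192.168.1.20
@0 block drop log all
@1 pass in quick on xl0 all flags S/SA keep state tagged RDR_OK
@2 pass out quick on rl0 all flags S/SA keep state tagged RDR_OK
"""

RULE = re.compile(r"^@\d+\s+(nat|rdr|binat|block|pass)\b(.*)$")

def audit_tags(ruleset):
    """Return a sorted list of findings about tag/tagged consistency."""
    assigned = set()   # tags set by any rule ("tag NAME")
    passed = {}        # tag -> directions ("in"/"out") some pass rule allows
    for line in ruleset.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue
        action, rest = m.groups()
        setter = re.search(r"\btag (\S+)", rest)      # does not match "tagged"
        if setter:
            assigned.add(setter.group(1))
        wanted = re.search(r"\btagged (\S+)", rest)
        if action == "pass" and wanted:
            direction = re.match(r"\s*(in|out)\b", rest)
            dirs = {direction.group(1)} if direction else {"in", "out"}
            passed.setdefault(wanted.group(1), set()).update(dirs)
    findings = []
    for tag in assigned:
        for d in ("in", "out"):
            if d not in passed.get(tag, set()):
                findings.append(f"{tag}: set but no 'pass {d} ... tagged {tag}' rule")
    for tag in set(passed) - assigned:
        findings.append(f"{tag}: matched by a pass rule but never set")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_tags(EXPANDED) or ["tags consistent"]:
        print(finding)
```

A finding for a missing direction means the redirected connection would fall through to `block log all` on that leg.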