Code:
#
rdr on $ext_if proto tcp from any to ($ext_if) port 80 -> <server_ip> port 80
rdr on $ext_if proto tcp from any to ($ext_if) port 25 -> <server_ip> port 25
#
pass in on $ext_if proto tcp from any to ($ext_if) port 80 synproxy state # <- this rule, as written, will NEVER be true because the rdr re-write has occurred.
pass in on $ext_if proto tcp from any to ($ext_if) port 25
#
The rdr action occurs first and changes the packet's dest to <server_ip> from ($ext_if); therefore, the working rdr-pass pair is as follows:
Code:
#
rdr on $ext_if inet proto tcp \
from any to ($ext_if) port 80 -> <server_ip> port 80
#
pass in on $ext_if inet proto tcp \
from any to <server_ip> port 80 synproxy state
#
And, IMO, I prefer using tag/tagged and letting pf keep track of the ip-addr-in-motion...
Code:
#
rdr on $ext_if inet proto tcp \
from any to ($ext_if) port 80 tag OKHTTP -> <server_ip> port 80
#
pass in on $ext_if inet proto tcp \
tagged OKHTTP synproxy state
#
pass out on $LNETTR_if inet proto tcp \
tagged OKHTTP keep state
#
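The ordering described in the post, as an added example that is not part of the original post: a small Python model (not pf itself) in which translation runs before filter matching, applied to the post's three rdr/pass pairs for port 80. The addresses 203.0.113.10 and 192.168.1.20 and all class and function names are assumptions made for the illustration.

```python
from dataclasses import dataclass, replace
from typing import Optional

EXT_IF = "203.0.113.10"    # constructed: address on $ext_if
SERVER = "192.168.1.20"    # constructed: stands in for <server_ip>

@dataclass(frozen=True)
class Packet:
    dst: str
    dport: int
    tag: Optional[str] = None

@dataclass(frozen=True)
class Rdr:                 # rdr ... to <dst> port <port> [tag <tag>] -> <to> port <to_port>
    dst: str
    port: int
    to: str
    to_port: int
    tag: Optional[str] = None

@dataclass(frozen=True)
class Pass:                # pass in ... [to <dst> port <port>] [tagged <tagged>]
    dst: Optional[str] = None
    port: Optional[int] = None
    tagged: Optional[str] = None

def translate(pkt, rdrs):
    """Translation runs first: the first matching rdr rewrites the destination."""
    for r in rdrs:
        if (pkt.dst, pkt.dport) == (r.dst, r.port):
            return replace(pkt, dst=r.to, dport=r.to_port, tag=r.tag or pkt.tag)
    return pkt

def matching_pass(rdrs, passes, pkt):
    """Filter rules see the translated packet; the last matching rule wins."""
    pkt, hit = translate(pkt, rdrs), None
    for p in passes:
        if (p.dst in (None, pkt.dst) and p.port in (None, pkt.dport)
                and p.tagged in (None, pkt.tag)):
            hit = p
    return hit

def rulesets(server=SERVER):
    """The post's three rdr/pass pairs, with the server address as a parameter."""
    return {
        "original": ([Rdr(EXT_IF, 80, server, 80)], [Pass(EXT_IF, 80)]),
        "fixed": ([Rdr(EXT_IF, 80, server, 80)], [Pass(server, 80)]),
        "tagged": ([Rdr(EXT_IF, 80, server, 80, tag="OKHTTP")], [Pass(tagged="OKHTTP")]),
    }

if __name__ == "__main__":
    for name, (rdrs, passes) in rulesets().items():
        print(name, "->", matching_pass(rdrs, passes, Packet(EXT_IF, 80)))
```

In this model, changing the address the rdr points to leaves the tagged pass rule matching, while an address-based pass rule has to be edited in step with the rdr.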