If you need to, you can do further confirmation. On your OpenBSD system, you can use
tcpdump(8) to watch packets as they move in and out, and, if you were to set your rules to log traffic, you could also use tcpdump(8) with
pflogd(8) and
pflog(4). Your destination webservers may have tcpdump(8) or similar tools available.
The better performing solution would be to use split DNS; if you set up an "internal zone" DNS server, then you will not need to re-route all packets destined for internal addresses through your firewall, as this solution you're stuck on will do.