It has been a while, but I think you need to replace your pf.conf fragment with something along the lines of,
Code:
pass in on $phys_if from $c1_tunnel_dst to $c1_tunnel_src label "c1_tunnel"
match in log(matches) on $c1_tunnel tag "c1"
match in log(matches) on $phys_if from any to $c1_escape tag "c1"
pass in log(matches, all) on $c1_tunnel proto tcp to port 80 \
    rdr-to 127.0.0.1 port 1001 \
    reply-to ($c1_tunnel 10.0.0.5) \
    tagged "c1" label "c1_proxied_traffic"
with
Code:
pass in log(matches, all) quick on $phys_if inet proto 97 \
    from c1_tunnel_dst to (c1_tunnel_src) \
    keep state
pass out log(matches, all) quick on $phys_if inet proto 97 \
    from (c1_tunnel_src) to c1_tunnel_dst \
    keep state
pass out log quick on $c1_tunnel inet proto tcp \
    from <FARSIDE_LAN> to <NEARSIDE_LAN> port 80 \
    rdr-to 127.0.0.1 port 1001 \
    reply-to ($c1_tunnel 10.0.0.5) \
    tag UNENCAP_TRAFFIC_FOR_LOCAL label "c1_proxied_traffic"
You must first pass in/out the gif encap packets (which I think is proto 97*), then pass in/out the de-encapsulated tcp packets. (* Don't confuse proto IDs with ports.)