If I were you, I would first reorganize the pf.conf. Order the rules nicely by interface and direction. Add `quick` if you want to defeat pf's "the last matching rule wins" strategy.
For the internal interface this would look like this:
Code:
# ----- INTERNAL INTERFACE in
# "my external ip" is a placeholder for the firewall's external address;
# $int_if must be defined earlier as a macro, e.g. int_if = "em1"
pass in quick on em1 inet proto tcp from 192.168.1.0/24 to "my external ip" port = 80 flags S/SA rdr-to 127.0.0.1 port 5000
# ----- INTERNAL INTERFACE out
pass out quick on $int_if all
Also run tcpdump on the pflog0 device to check whether any rule blocks the HTTP traffic.
From another xterm, run tcpdump on the internal interface to see the proxied packets (port 80).
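A complete pf.conf laid out the way the reply suggests, as an added example and not the poster's own file: rules grouped per interface and direction, `quick` on every pass rule, macros instead of bare interface names, and a logging default block so that pflog0 actually shows what gets dropped. Interface names, the external address and the proxy port are assumptions.

```pf
# Constructed example pf.conf, not the original poster's configuration.
# Interface names, addresses and ports below are assumptions; adjust to your host.
ext_if     = "em0"
int_if     = "em1"
ext_ip     = "203.0.113.10"     # stands in for "my external ip"
lan        = "192.168.1.0/24"
proxy_port = "5000"             # local proxy listening on 127.0.0.1

set skip on lo

# Default policy: block everything not explicitly passed, and log it.
# Only rules carrying "log" write to pflog0, so without this the
# tcpdump on pflog0 suggested above would stay silent.
block log all

# ----- EXTERNAL INTERFACE in
# Example admin access from outside; narrow "from any" to your management net.
pass in quick on $ext_if inet proto tcp from any to $ext_ip port 22 flags S/SA
# ----- EXTERNAL INTERFACE out
pass out quick on $ext_if all

# ----- INTERNAL INTERFACE in
# LAN clients sending HTTP to the external address are redirected to the
# local proxy; "quick" stops evaluation here so no later rule can override it.
pass in quick on $int_if inet proto tcp from $lan to $ext_ip port 80 flags S/SA rdr-to 127.0.0.1 port $proxy_port
# Remaining LAN traffic (tighten this to the services the LAN really needs).
pass in quick on $int_if inet from $lan to any
# ----- INTERNAL INTERFACE out
pass out quick on $int_if all
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it, then watch `tcpdump -n -e -ttt -i pflog0` in one xterm and `tcpdump -ni em1 port 80` in another, as the reply describes.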