My nat-to uses match, instead of pass, as it is very general:
Code:
match out on $external_nic from !($external_nic) nat-to ($external_nic)
A rdr-to line, note the
from, and no use of
on:
Code:
pass in log quick proto tcp from $internal_net to any port www \
rdr-to 127.0.0.1 port 8080