4th November 2011
Yes, now I understand, but I am afraid I cannot help you much further.

When the connections hang again, but before you restart pf, you could do the following two things:
  • redirect the pfctl -s info output to a file and investigate that.
  • redirect the output of pfctl -vvsr to a file for diagnosis.

FreeBSD has a rather old version of pf. You could try to get the latest OpenBSD release 5.0 and see whether that solves the problem. Be aware though, that in OpenBSD 4.7 the NAT/RDR syntax has changed. See
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
