Stop experimenting. Find out what's actually happening.
Here's a three step diagnostic:
Step 1: Make sure IP forwarding is enabled (I know, I know, it already is, but check anyway, just to be sure, mmkay?).
If it is not enabled, excecute facepalm. If it is enabled, proceed to Step 2.
Step 2: Re-read the section of the PF user's guide, under "Redirection and Reflection".
If the warning, "...But when the redirection rule is tested from a client on the LAN, it doesn't work...." applies to your situation, execute facepalm. If it does not apply, and you are actually testing redirection from a remote facility, proceed to Step 3.
Step 3: Use tcpdump and see what's actually happening.
Example: What block rules are matching?
# tcpdump -neti pflog0 action block
I like to log my pass rules too, so I can see what pass rules match, also.
|