Good to hear. When you have it worked out, we (and anyone who finds this thread at the end of a Google search) would be interested in the solution you worked out.
(For instance, there may have been a problem with the rdr rules that I specified - I am going to try it and see later - that may prevent ssh sessions from continuing. When the local and remote machines start communication, state rules created by the nat engine would reset the 'to' address, so my rdr rules will not see the packets, because they will no longer have the 'to' address set to ($ext_if). This means that the necessary port redirection may not take place. Or maybe pf will recognise what we are trying to do and make it just so. Perhaps this would be better:
Code:
rdr on $ext_if from any to {($ext_if), 102.168.1.101} port 1022 -> 102.168.1.101 port 22
Not that I know whether it would work or not.)