pass in on gem0 proto tcp from any to 200.13.32.2 port 80 flags S/SA keep state pass in on gem1 proto tcp from any to 216.21.40.2 port 25 flags S/SA keep state
Try reply-to on these.
pass out on gem0 route-to (gem1 216.21.40.1) from gem1 to any pass out on gem1 route-to (gem0 216.21.40.1) from gem0 to any
These will just handle connections initiated on your side. Replies to incoming traffic are dealt with by 'keep state' in the previous two 'pass in' rules. You can confirm this by looking at 'pfctl -sr -vv' output.
