FreeBSD: Firewall separado de proxy

<-------------- No GATEWAY (192.168.0.254) --------------------->
# sysctl -a | grep ip.redirect
net.inet.ip.redirect: 0

pf.conf on gateway (192.168.0.254):
pass in quick on $int_if route-to ($int_if 192.168.0.250) proto tcp from
! 192.168.0.250 to any port 80
<-------------- FIM GATEWAY (192.168.0.254) --------------------->


<-------------- NO PROXY SERVER (192.168.0.250) --------------------->
# sysctl -a | grep ip.redirect
net.inet.ip.redirect: 0

pf.conf (Proxy Server 192.168.0.250):
rdr inet proto tcp from ! 192.168.0.250 to any port www -> 192.168.0.250
port 8080
<-------------- FIM PROXY SERVER (192.168.0.250) --------------------->