IPFW and IP_BINDANY does not work as expected

Code:
add 110 fwd localhost ip from any to any uid 100 in recv vtnet0
add 111 fwd localhost ip from any to any uid 0 in recv vtnet0
I am running a program (squid in TPROXY mode) with IP_BINDANY. Because that program starts TCP connections from spoofed IPs, that traffic has to be redirected by the firewall to localhost. The router is correctly configured.

My current IPFW rules are:

Code:
add 110 fwd localhost tcp from any 80 to any in via vtnet0
add 111 fwd localhost tcp from any 443 to any in via vtnet0
add 120 fwd localhost,3128 tcp from 172.18.2.0/24 to any 80 in via gre0
add 121 fwd localhost,3129 tcp from 172.18.2.0/24 to any 443 in via gre0

vtnet0 is the physical interface connected to the Internet, gre0 is the interface where my router sends traffic to the host. Rules 120 and 121 always work; the program (squid) can receive that traffic from the router.
I ran tcpdump -i vtnet0 -vvvv -n host xx.xx.xx.xx on the host, where "xx.xx.xx.xx" is a host I am trying to connect to. I saw the program send a TCP SYN to xx.xx.xx.xx, and I also saw traffic return from xx.xx.xx.xx to this host. But it seems the host never received those packets. Then I ran ipfw show and found rules 110 and 111 were matched 0 times. It is strange, because the returning traffic correctly matches rules 120 and 121 (sent from xx.xx.xx.xx to 172.18.2.x, with source port 80/443).
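For readers who have not seen what the program side of this setup looks like: the following is an added example, not code from the post above and not squid's own code. It shows the socket sequence a TPROXY-style program uses to open a TCP connection from a source address that is not configured on the host, using the IP_BINDANY option documented in FreeBSD's ip(4). The Linux IP_TRANSPARENT fallback is an assumption made only so the example compiles elsewhere; the function names (make_spoof_addr, enable_bindany, tproxy_connect) are the example's own. Running it requires root, and the SYN/ACK that comes back addressed to the spoofed source is only delivered to the socket if a firewall rule (such as the "fwd localhost" rules discussed in the post) steers it to the local stack.

```c
/* Added example: opening a TCP connection from a spoofed source address
 * with IP_BINDANY (FreeBSD ip(4)). Not squid's code and not from the post;
 * all function names are this example's own. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Fill a sockaddr_in from dotted-quad text; returns 0, or -1 on a bad string. */
int make_spoof_addr(const char *ip, uint16_t port, struct sockaddr_in *sa)
{
    memset(sa, 0, sizeof(*sa));
    sa->sin_family = AF_INET;
    sa->sin_port = htons(port);
    return inet_pton(AF_INET, ip, &sa->sin_addr) == 1 ? 0 : -1;
}

/* Let bind() accept an address that belongs to no local interface.
 * FreeBSD: IP_BINDANY. Linux: IP_TRANSPARENT (assumed equivalent here,
 * for portability of this example only). Both require privilege. */
int enable_bindany(int fd)
{
    int one = 1;
#if defined(IP_BINDANY)
    return setsockopt(fd, IPPROTO_IP, IP_BINDANY, &one, sizeof(one));
#elif defined(IP_TRANSPARENT)
    return setsockopt(fd, IPPROTO_IP, IP_TRANSPARENT, &one, sizeof(one));
#else
    (void)fd; (void)one;
    errno = ENOPROTOOPT;
    return -1;
#endif
}

/* Connect to dst_ip:dst_port with the packets' source set to
 * spoof_ip:spoof_port. Returns the connected fd, or -1 with errno set.
 * The SYN leaves with the spoofed source; the reply is addressed to
 * spoof_ip, so without a firewall rule steering it to the local stack
 * (ipfw "fwd localhost") the kernel never hands it to this socket and
 * connect() times out. */
int tproxy_connect(const char *spoof_ip, uint16_t spoof_port,
                   const char *dst_ip, uint16_t dst_port)
{
    struct sockaddr_in src, dst;
    if (make_spoof_addr(spoof_ip, spoof_port, &src) < 0 ||
        make_spoof_addr(dst_ip, dst_port, &dst) < 0) {
        errno = EINVAL;
        return -1;
    }
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    if (enable_bindany(fd) < 0 ||
        bind(fd, (struct sockaddr *)&src, sizeof(src)) < 0 ||
        connect(fd, (struct sockaddr *)&dst, sizeof(dst)) < 0) {
        int saved = errno;      /* keep the real cause across close() */
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    if (argc != 5) {
        fprintf(stderr, "usage: %s spoof_ip spoof_port dst_ip dst_port\n", argv[0]);
        return 2;
    }
    int fd = tproxy_connect(argv[1], (uint16_t)atoi(argv[2]),
                            argv[3], (uint16_t)atoi(argv[4]));
    if (fd < 0) {
        /* EPERM: not root. EADDRNOTAVAIL: BINDANY not set or unsupported. */
        perror("tproxy_connect");
        return 1;
    }
    printf("connected from %s:%s to %s:%s\n", argv[1], argv[2], argv[3], argv[4]);
    close(fd);
    return 0;
}
```

Run as root, e.g. `./tproxy 172.18.2.10 40000 xx.xx.xx.xx 80`, then watch with the same tcpdump invocation as in the post: the SYN should show the spoofed source, and whether the SYN/ACK is delivered depends entirely on the fwd rule counters in `ipfw show` moving.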
 