Solved pf - port forwarding

I am not having luck doing a simple port forward. I want to open up TCP port 443 on my wan and redirect that to my router, port 8888 (tinyproxy), listening on lo0 and wired. These are my relevant rules:

nat on wan inet from 192.168.0.0/24 to any -> (wan) round-robin

#rdr pass on wan proto tcp from <stunnel_client> to (wan) port https -> 127.0.0.1 port 8888
rdr pass on wan proto tcp from <stunnel_client> to (wan) port https -> 192.168.0.1 port 8888

net.inet.ip.forwarding: 1

I ran tcpdump on my wan port and see the traffic, but beyond that, nothing. I also ran tcpdump on lo0 and my wired (lan) interfaces, but nothing. Finally, I log all traffic to pflog interfaces and iterated through all 8 of mine and didn't see the traffic there either.

Side note, I'm not sure why I put round-robin there on nat, perhaps I was thinking before I'd make it multi-homed?

I only allow traffic to select IPs, I'm controlling that via a table, stunnel_client.

I am testing with my mobile hotspot and laptop connected to that using the public IP of the hotspot connection, so it will force traffic through the wan interface. My laptop is configured with the public IP of my router via stunnel.conf to run as a client, and then I'm using firefox to connect to that as an http proxy.

EDIT:
Rereading SirDice's post, I split rdr pass:
rdr on wan proto tcp from <stunnel_client> to (wan) port https -> 127.0.0.1 port 8888
pass quick on wan proto tcp from <stunnel_client> to (wan) port https

This seems to be getting me closer, at least now I see traffic on lo0 to port 8888, I just don't see a response.

EDIT:
This seems to be what I needed.
rdr on wan proto tcp from <stunnel_client> to (wan) port https -> 127.0.0.1
pass in quick on wan proto tcp to 127.0.0.1 port https
pass out quick on wan proto tcp from 127.0.0.1 port https to <stunnel_client>

I'm not sure why I need the pass out quick on wan from localhost, because I have set skip on lo0 earlier in the conf.

Thanks,
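For readers following the same steps, here is an added, complete pf.conf fragment (not the poster's own config) that puts the rules from the thread together in the split rdr/pass form. The interface names, the table contents and the port choice are assumptions chosen for illustration:

```pf
# Added example, not the configuration from the post above.
# Assumptions: em0 is the WAN interface, em1 the LAN interface, and the
# client address in the table is a constructed placeholder.
wan = "em0"
lan = "em1"
table <stunnel_client> { 203.0.113.10 }

set skip on lo0

# Outbound NAT for the LAN, as in the post (round-robin only matters
# with more than one external address, so it is omitted here).
nat on $wan inet from 192.168.0.0/24 to any -> ($wan)

# Redirect TCP 443 arriving on the WAN address to the local listener.
# Note: if "port 8888" is left off the target, pf keeps the original
# destination port (443); add it to reach a listener on 8888 instead.
rdr on $wan proto tcp from <stunnel_client> to ($wan) port https -> 127.0.0.1 port 8888

# Filter rules are evaluated after translation, so the pass rule must
# match the translated destination (127.0.0.1:8888), not the WAN address.
pass in quick on $wan proto tcp from <stunnel_client> to 127.0.0.1 port 8888
pass out quick on $wan proto tcp from 127.0.0.1 port 8888 to <stunnel_client>

# Everything else is blocked by default (and logged for troubleshooting).
block log all
```

To confirm the ruleset loaded the way you expect, `pfctl -sn` prints the translation (nat/rdr) rules, `pfctl -sr` the filter rules, and `pfctl -ss` the state table; a state entry showing the client address mapped to 127.0.0.1:8888 is the sign that both the redirect and the pass rule matched. Keeping only the table-listed clients in `<stunnel_client>` limits who can reach the proxy at all, which is the right posture for a listener that would otherwise be exposed on the WAN.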