PF redirect local outgoing packets


I'm trying to setup port multiplexing using sslh importantly I have to use that nice 'transparent' feature that makes traffic from sslh distributed locally to look like it comes from external interface. It looks something like this :

Browser[A]-----------[http/ssl]-------> sslh[B 443] ------------nginx[C 4443]----> ......
                              IP A -> IP B                             IP A -> IP C  - nginx is in jail :)                

....-----------------> skipped sslh[B 443] --------------------> Browser[A]
 reply back     IP C:4443 -> IP A[some port]     [TRAFFIC IGNORED]

Now of course IP C can't directly connect to IP A because this brakes the session. The jail is behind NAT so actually IP A receives packets that doesn't expect at all.

I tried to add rdr rules to change IP A to IP B:443 instead so that sslh will receive them. It was unsuccessful. Also I tried to add rule to NO NAT for that specific case and again try to redirect. No success again. Then I searched around and found that actually outgoing packets can't be redirected by packet filter. The most interesting discussion I came across was this one from the freebsd mailing lists :

Unfortunately that didn't work out for me too.

If somebody knows how I could do that I would be grateful! If one would like to see some traces or details around the actual setup I could provide that too.