Normally packets received on loopback bypass the tcp checksum calculation since the packet is expected to not leave the host. The packet header is marked as having a good checksum in looutput() even though the th_csum field (for tcp packets) just contains the pseudo header partial sum. If the packet's destination address is re-written to an address which routes it to some other host, the packet will be delivered with a bad checksum and discarded by the target's tcp stack. I can work around this with 'ifconfig lo0 -txcsum' but it would be better if there was a way for pf to detect this situation and repair the checksum.