Bascially trying to bring up another internet connection, 3rd one, and
want to provide some internet accessible services via the non primary
connection.  All connections are handed off to me as straight ethernet
with static IP's, no pppoe or the like.  Things work fine off the
primary conneciton, the second one I just use for web surfing traffic
(nothing coming in from it), and this 3rd one will replace the primary
after a while.

$Greg_ip is a host on the internet I use for testing from outside.

isp3EXTwebserver_ip = "internetip/32"
DMZwebserver = "dmzip/32"
nat on $isp3_if from $DMZwebserver to any -> $isp3EXTwebserver_ip
nat on $isp1_if from $DMZwebserver to any -> $EXTwebserver
rdr on $isp3_if proto tcp from $greg_ip to $isp3EXTwebserver_ip port
https -> $DMZwebserver port https

pass in quick on $isp3inet_if reply-to ($isp3_if $isp3_gw) proto tcp
from $greg_ip to $DMZwebserver port https keep state
#pass out quick on $dmz_if from any to any
#pass in quick on $dmz_if from any to any
pass out quick on $dmz_if from any to $DMZwebserver keep state
pass in quick on $dmz_if from any to any keep state
pass out quick on $isp3inet_if from any to $greg_ip

Using tcpdump
Request comes in Via isp3 interface
Passed out the DMZ interface to the server
Server replies on DMZ interface, and that's it never makes it back out
any other interface.
I then see on the DMZ interface a icmp host unreachable sent to the
web server.  Block-policy is set to drop.  What else can I do to see
why it is sending the icmp host unreachable and the reply not making
it back to the internet?

I moved the rules to the top and put quicks on them so they are the
first rules evaluated.  Running OpenBSD 4.5 stable, all patched up.  I
also put a route-to for surfing and my machine behind it can surf the
internet send pings out other traffic through the isp3 interface just
fine.