Maybe you need something like
rdr on $inet_if from <lf> to 64:ff9b::/96 -> 2001:8b0:6464:0:66::/96

(In reply to Lexi Winter from comment #0)

> pass out quick on $inet_if from <lf> to 64:ff9b::/96 rdr-to 2001:8b0:6464:0:66::/96

You're applying destination change *after* routing. This does not make much sense to me. rdr-to should be applied on inbound direction, so that packet can be routed towards the new address.

(In reply to Dobri Dobrev from comment #1)
> Maybe you need something like
> rdr on $inet_if from <lf> to 64:ff9b::/96 -> 2001:8b0:6464:0:66::/96

This is the old FreeBSD syntax, FreeBSD 15 will support the new OpenBSD syntax, so rdr-to is the preferred way on 15.

Comment 3 commit-hook 2025-10-30 17:45:35 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=646798b6783184fb194a2d97667e05895e00c358

commit 646798b6783184fb194a2d97667e05895e00c358
Author:     Kajetan Staszkiewicz <ks@FreeBSD.org>
AuthorDate: 2025-10-01 13:51:46 +0000
Commit:     Kajetan Staszkiewicz <ks@FreeBSD.org>
CommitDate: 2025-10-30 17:32:21 +0000

    pf: Make nat-to and rdr-to work properly both on in and out rules

    New-style address translation is done by nat-to and rdr-to actions on
    normal match and pass rules. Those rules, when used without address
    translation, can be specified without direction. But that allows users
    to specify pre-routing nat and post-routing rdr. This case is not
    handled properly and causes pre-routing nat to modify destination
    address, as if it was a rdr rule, and post-routing rdr to modify source
    address, as if it was a nat rule.

    Ensure that nat-to action modifies source address and rdr-to destination
    address no matter in which direction the rule is applied. The man page
    for pf.conf already specifies that nat-to and rdr-to rules should be
    limited to respective directions.

    PR:             288577
    Reviewed by:    kp
    MFC after:      3 days
    Sponsored by:   InnoGames GmbH
    Differential Revision:  https://reviews.freebsd.org/D53216

 sys/netpfil/pf/pf_lb.c      | 16 +++++++++++++--
 tests/sys/netpfil/pf/nat.sh | 47 +++++++++++++++++++++++++++++++++++++++------
 2 files changed, 55 insertions(+), 8 deletions(-)

Comment 4 commit-hook 2025-11-11 17:39:10 UTC

A commit in branch stable/15 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=562648ad414545bb4fb1f6da26273032c20875f3

commit 562648ad414545bb4fb1f6da26273032c20875f3
Author:     Kajetan Staszkiewicz <ks@FreeBSD.org>
AuthorDate: 2025-10-01 13:51:46 +0000
Commit:     Kajetan Staszkiewicz <ks@FreeBSD.org>
CommitDate: 2025-11-11 13:16:42 +0000

    pf: Make nat-to and rdr-to work properly both on in and out rules

    New-style address translation is done by nat-to and rdr-to actions on
    normal match and pass rules. Those rules, when used without address
    translation, can be specified without direction. But that allows users
    to specify pre-routing nat and post-routing rdr. This case is not
    handled properly and causes pre-routing nat to modify destination
    address, as if it was a rdr rule, and post-routing rdr to modify source
    address, as if it was a nat rule.

    Ensure that nat-to action modifies source address and rdr-to destination
    address no matter in which direction the rule is applied. The man page
    for pf.conf already specifies that nat-to and rdr-to rules should be
    limited to respective directions.

    PR:             288577
    Reviewed by:    kp
    MFC after:      3 days
    Sponsored by:   InnoGames GmbH
    Differential Revision:  https://reviews.freebsd.org/D53216

    (cherry picked from commit 646798b6783184fb194a2d97667e05895e00c358)

 sys/netpfil/pf/pf_lb.c      | 16 +++++++++++++--
 tests/sys/netpfil/pf/nat.sh | 47 ++++++++++++++++++++++++++++++++++++++++-----
 2 files changed, 56 insertions(+), 7 deletions(-)

Comment 5 Mark Linimon 2025-11-13 00:10:37 UTC

^Triage: fix brain-o.  Please just close if neither MFC apply.