I have lots of jails that are all configured the same way: on a NAT with ports forwarded to the host.
The host has the following two interfaces:
ix0 192.168.0.8 (physical interface)
wg0 10.0.0.8 (WireGuard interface)
I can access the host's services such as SSH or the web UI at 192.168.0.2:22 or 10.0.0.8:22.
But the jail's forwarded ports are only accessible on 192.168.0.8:2222 and are blocked on 10.0.0.8:2222.
How is the port forwarding working? Does it only convert host subnet 192.168.0.x addresses to the jail's vnet address 172.16.0.x? Or is it meant to bind the interfaces?
I have never had issues like this when I bind ports on Docker containers. Something strange is happening here and jail port forwarding is not working with WireGuard at all.
Code:
ifconfig
ix0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=e13abb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO6,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,RXCSUM_IPV6,TXCSUM_IPV6>
        ether d0:50:99:d1:12:76
        inet 192.168.0.8 netmask 0xffffff00 broadcast 192.168.0.255
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=9<PERFORMNUD,IFDISABLED>
ix1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=e53fbb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
        ether d0:50:99:d1:12:77
        media: Ethernet autoselect
        status: no carrier
        nd6 options=1<PERFORMNUD>
ix2: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=e53fbb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
        ether d0:50:99:d1:12:78
        media: Ethernet autoselect
        status: no carrier
        nd6 options=1<PERFORMNUD>
ix3: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=e53fbb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
        ether d0:50:99:d1:12:79
        media: Ethernet autoselect
        status: no carrier
        nd6 options=1<PERFORMNUD>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
        inet 127.0.0.1 netmask 0xff000000
        groups: lo
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
pflog0: flags=0<> metric 0 mtu 33160
        groups: pflog
wg0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1420
        options=80000<LINKSTATE>
        inet 10.0.0.8 --> 10.0.0.8 netmask 0xffffffff
        groups: tun
        nd6 options=101<PERFORMNUD,NO_DAD>
        Opened by PID 2152
vnet0.3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: associated with jail: test as nic: epair0b
        options=8<VLAN_MTU>
        ether d2:50:99:ae:1b:75
        hwaddr 02:f0:56:a2:ba:0a
        inet 172.16.0.1 netmask 0xfffffffc broadcast 172.16.0.3
        groups: epair
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
        nd6 options=1<PERFORMNUD>