I have lots of jails that are all configured the same way, on a NAT with ports forwarded to the host.
The host has the following two interfaces:
ix0 192.168.0.8 (physical interface)
wg0 10.0.0.8 (wireguard interface)
I can access the host's services such as ssh or web UI at 192.168.0.2:22 or 10.0.0.8:22.
But the jail forwarded ports are only accessible on 192.168.0.8:2222 and are blocked to 10.0.0.8:2222.
How is the port forwarding working? Does it only convert host subnet 192.168.0.x addresses to the jail's vnet address 172.16.0.x? Or is it meant to bind the interfaces?
I have never had issues like this when I bind ports on Docker containers. Something strange is happening here and jail port forwarding is not working with WireGuard at all.
Code:
ifconfig
ix0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=e13abb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO6,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,RXCSUM_IPV6,TXCSUM_IPV6>
	ether d0:50:99:d1:12:76
	inet 192.168.0.8 netmask 0xffffff00 broadcast 192.168.0.255
	media: Ethernet autoselect (1000baseT <full-duplex>)
	status: active
	nd6 options=9<PERFORMNUD,IFDISABLED>
ix1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=e53fbb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
	ether d0:50:99:d1:12:77
	media: Ethernet autoselect
	status: no carrier
	nd6 options=1<PERFORMNUD>
ix2: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=e53fbb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
	ether d0:50:99:d1:12:78
	media: Ethernet autoselect
	status: no carrier
	nd6 options=1<PERFORMNUD>
ix3: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=e53fbb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
	ether d0:50:99:d1:12:79
	media: Ethernet autoselect
	status: no carrier
	nd6 options=1<PERFORMNUD>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
	inet 127.0.0.1 netmask 0xff000000
	groups: lo
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
pflog0: flags=0<> metric 0 mtu 33160
	groups: pflog
wg0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1420
	options=80000<LINKSTATE>
	inet 10.0.0.8 --> 10.0.0.8 netmask 0xffffffff
	groups: tun
	nd6 options=101<PERFORMNUD,NO_DAD>
	Opened by PID 2152
vnet0.3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	description: associated with jail: test as nic: epair0b
	options=8<VLAN_MTU>
	ether d2:50:99:ae:1b:75
	hwaddr 02:f0:56:a2:ba:0a
	inet 172.16.0.1 netmask 0xfffffffc broadcast 172.16.0.3
	groups: epair
	media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
	status: active
	nd6 options=1<PERFORMNUD>