Fix networking to jails.

ansible/roles/firewall/files/homeserver_pf.conf

@@ -2,6 +2,8 @@ ext_if = "{ igb0 igb1 ix0 ix1 wlan0 }"
 not_ext_if = "{ !igb0 !igb1 !ix0 !ix1 !wlan0 }"
 jail_nat_v4 = "{ 10.215.1.0/24 }"
 not_jail_nat_v4 = "{ any, !10.215.1.0/24 }"
+restricted_nat_v4 = "{ 10.215.2.0/24 }"
+not_restricted_nat_v4 = "{ any, !10.215.2.0/24 }"
 
 dhcp = "{ bootpc, bootps }"
 allow = "{ wgh wgf }"
@@ -23,7 +25,8 @@ rdr pass on $not_ext_if proto {tcp, udp} from any to 10.215.1.1 port 53 -> 1.1.1
 nat pass on $ext_if inet from 10.215.2.0/24 to !10.215.2.0/24 -> (wlan0)
 rdr pass on $not_ext_if proto {tcp, udp} from any to 10.215.2.1 port 53 -> 1.1.1.1 port 53
 
-rdr pass on $ext_if inet proto tcp from any to any port 8081 -> 10.215.2.2 port 8081
+rdr pass on $ext_if inet proto tcp from $not_restricted_nat_v4 to any port 8081 -> 10.215.2.2 port 8081
+nat pass on restricted_nat proto {tcp, udp} from any to 10.215.2.2 port 8081 -> 10.215.2.1
 
 # Forward ports for unifi controller
 # rdr pass on $ext_if inet proto tcp from any to any port 65022 -> 10.213.177.8 port 22
@@ -36,6 +39,8 @@ pass out on $ext_if
 pass in on jail_nat
 # Allow traffic from my machine to the jails/virtual machines
 pass out on jail_nat from $jail_nat_v4
+pass out on jail_nat proto {udp, tcp} from any to 10.215.1.202 port $unifi_ports
+pass out on restricted_nat proto {udp, tcp} from any to 10.215.2.2 port 8081
 
 pass in on restricted_nat proto {udp, tcp} from any to any port { 53 51820 }