I use only if_epair and then pf to NAT it to the external world. I’ve only had issues with if_bridge, where I would either be able to make connections between jail and the external world, but not between host and jail or vice versa (between host and jail fine, but not between jail and external world). And it would act really flaky, like getting one ping response, followed by silence. pf is a lot simpler and more reliable.