FreeBSD 12.2-Release seems to not handle the case, if it receives packets using tcp large receive offloading (lro) and needs to forward such packets on another interface, with a smaller MTU. This is exactly what happens on the return path from the internet to your jail for tcp connections. To mitigate this, turn off lro on the host’s external network interface.