Just an example for my message above: I created a simple nginx-deployment and service I found somewhere looking for MetalLB showcases:

yaml
apiVersion: apps/v1 
kind: Deployment 
metadata: 
  name: nginx-deployment 
spec: 
  selector: 
    matchLabels: 
      app: nginx 
  replicas: 2
  template: 
    metadata: 
      labels: 
        app: nginx 
    spec: 
      containers: 
      - name: nginx 
        image: nginx:latest 
        ports: 
        - containerPort: 80
---
apiVersion: v1 
kind: Service 
metadata: 
  name: nginx 
spec: 
  type: LoadBalancer 
  selector: 
    app: nginx 
  ports: 
  - port: 80 
    name: http

The MetalLB took one IP from the pool I provided (within the netmaker network) and exposed port 80 on it. So in my case

10.10.10.100:80

was reachable from within the wireguard network but (as stated above) not from my external clients. For better visualization I added the netmaker graph.