Hairpin NAT whith two local subnets

Hello.
I have two local subnets: 172.16.0.0/24 interface:srv and 172.16.8.0/24 interface:pc adn one public ip 1.1.1.1 interface: eth1
Here is my nat rules:
Flags: X - disabled, I - invalid, D - dynamic
0
chain=dstnat action=dst-nat to-addresses=172.16.0.41 protocol=tcp dst-address=1.1.1.1 dst-address-type=local in-interface=ether1 dst-port=443

1 ;;; to-nvk-rdcb01
chain=dstnat action=dst-nat to-addresses=172.16.0.41 protocol=tcp dst-address=1.1.1.1 dst-address-type=local in-interface=ether1 dst-port=80

2 chain=srcnat action=masquerade protocol=tcp src-address=172.16.8.0/24 dst-address=172.16.0.41 out-interface=pc
dst-port=80,443

3 chain=srcnat action=masquerade out-interface=ether1 log=no log-prefix=“”

Hairpin NAT doesen’t work, please help me what i doing wrong?

You’ll have to remove the in-interface filter from your dstnat’s as hairpin doesn’t come thru the WAN interface and won’t match. You already have dst-address and dst-address-type filters so it will still work properly.

I also don’t put a dst-address filter on my hairpin rule, so I’m not sure if that’s the right ip address (should it be internal or external ip?). I use src-address, dst-port and out-interface, protocol and port. Is “pc” the name of your bridge for 172.16.8.0? You’ll also need a separate hairpin rule for your 172.16.0.0/24 subnet if you want to hairpin it as well.