Let's say I have a service running on privateIP on privatePort and wish to enable connections to it via publicIP on publicPort.
That easy, we just set up a dst-nat action on dstnat chain in the NAT table from dst-address=publicIP dst-port=publicPort to to-address=privateIP to-port=privatePort.
And now anyone outside of my LAN that tries to access the service using the public values get access and all is good with the world.
But if I try to use the public values from INSIDE the LAN, it seems to not work. I had originally thought this might be because I didn't have something in srcnat chain but I can see a single packet in the statistics for my dst-nat action. Is such a configuration possible or do I just need to use the private values inside the LAN?