Its simple and works very well.
So if my webserver is video.myserver.com with local IP 192.168.100.50, it will have a public DNS record for external users to pint to 82.xx.xx.xx and a local DNS entry to point to 192.168.100.50.
One line (DNS) to add for each services, No change in any NAT rules
When you setup Hairpin NAT and have a dynamic IP on the outside, you do need to use the Cloud function (or other dyndns system) and change all your NAT setup to get it to work.
Also found this good comment by thirdstreetzero on reddit:
Anyone has a comment to this?It breaks all kinds of fundamental standards and norms, not to mention statistics, security, things like fasttrack, etc. It makes transitions away from your current configuration more difficult. It's impossible for future people to interpret, as it shouldn't be done and without adequate explanation can often require a confusing mess of other work, especially if you've got any queues or packet mangling.
Imagine wanting to go into your living room, but to do so you need to go out the back door, around the block, and in through your front door. If that seems too much of an exaggeration, draw out what you are planning on doing using networking nomenclature. It's equally silly. Your problem, if you state it properly, is that you are not addressing the resource in a way that allows you the shortest path to it. So the problem is how you address it, not how you access it. Once you have accepted that, you can move to the next problem, which is ubiquitous access methods. You don't want to think about where you are, or what network you're on, in order to access the resource. Clearly using the local IP won't work, since that won't work outside the network. Luckily, we have a solution in DNS. Now all that's left is to configure a local DNS server to handle requests from within and around the local network, and configure your external DNS to do the same.
People use meth to escape their shitty lives. People speed in their cars because they can't manage their time well. People don't pick their dogs shit up because they're lazy. This is similar - people that have no idea what they're doing have created a solution to a problem they don't understand. This was made worse for a long time by shitty router manufacturers that included (and still do include) options to implement this specifically, because it quickly satisfies, as you said, a common problem. That does not mean it's correct. It isn't. You have literally everything you need on any ROS device to handle this problem correctly, without ever using hairpin NAT.
Any good reason for using Hairpin NAT other than you do not have a local DNS server?