I have a dynamic address on my external interface. When configuring hairpin nat (nat reflection) on port 80 on that interface, all outgoing traffic on port 80 is "hijacked".
I am following the nat44 example from the VyOS documentation
https://docs.vyos.io/en/latest/configuration/nat/nat44.html
vyos@vyos# show nat destination { rule 100 { description "Regular destination NAT from external" destination { port 80 } inbound-interface eth0 protocol tcp translation { address 10.0.10.1 } } rule 110 { description "NAT Reflection: INSIDE" destination { port 80 } inbound-interface eth4 protocol tcp translation { address 10.0.10.1 } } } source { rule 110 { description "NAT Reflection: INSIDE" destination { address 10.0.0.0/16 } outbound-interface eth4 protocol tcp source { address 10.0.0.0/16 } translation { address masquerade } } }