- Rule one: allow WAN traffic to server
- Rule two: allow LAN traffic to server
Rationale for rule 2:
Instead of a firewall rule - the other option is to create an internal DNS hostname for the server instead:
# in /etc/config/dhcp
config domain
option ip '172.16.0.101'
option name 'foo.example.com' #<---this would be the Global FQDN of the server