VLAN gives "Rejected request from RFC1918 IP to public server address" on NAT Redirect attempt

My main LAN (VLAN 10) will do NAT Redirect with no issues. I connected my laptops to my Work VLAN (VLAN 30) and now if I try to access a service running inside my network (e.g. myjellyfin.mydomain.com) the browser shows

Rejected request from RFC1918 IP to public server address

I have read several other posts on this topic indicating that NAT Redirect only works for the main LAN (VLAN 10 in my case) for some reason.

I see a lot of solutions using Confg files, and honestly don't understand anything I'm looking at. I'm a GUI guy for certain, and can't figure out how to do any of it in LUCI.

I need some help, and would love some assistance in accomplishing a solution using the LUCI web interface.

  1. I have my VLANs setup with their own firewall zones. Some VLANs are allowed to see other zones inside the network.
  2. I can successfully use my services public URLs to access them from the main LAN (VLAN 10).

I have seen some suggestions of setting up DNS entries for internal routing, which is fine and all, but I run a lot of service, so setting a separate entry for each one in LUCI is not really something I want to have to keep up with on top of my reverse proxy having them there. I can't find a way to set a wildcard like *.mydomain.com in LUCI, and this still doesn't deal with other ports needing to be dealt with coming in from the outside that are already setup.

Any help is appreciated.

You will need to set the reflection_zone setting for the firewall rule. This has only been recently exposed in the gui. If it is not there in your version, you will have to set it manually via SSH.

Ok, it must be really new because I'm on OpenWrt 23.05.0-rc2 r23228-cd17d8df2a. How would I go about setting it via SSH?