REWRITE should have a restriction option
I have a NAS server with an internal IP address of 192.168.0.100.
In addition, the NAS server can be addressed externally via firewall / port forwarding & external IP.
I added a rewrite to access my NAS with the officially DNS - Name ( certificate ) and internal IP.
If i resolve in the home network, I get the internal IP 192.168.0.100 now.
But if I want to access it externally from my cell phone, I also get the internal IP.
Of course I can't access it externally.
I would like a possibility of restriction:
mynas.mydomain.com -> 192.168.0.100
something similar like
my.external.ip:mynas.mydomain.com -> 192.168.0.100
If the request comes from the server my.external.ip, the REWRITE should apply, otherwise not.
Based on the the many requests posted here, this would be very high on their priority list.
However, some routers/firewalls provide a feature called NAT Loopback which might be solution to your problem:
You didn't mention what kind of NAS you have, but many consumer NAS frequently have security vulnerabilities and making them accessable to the internet is risky. QNAP and Synolgy seem to appear often in when it comes to newly discovered NAS security vulnerabilites.