Yet another hairpin NAT question

Hi,

After going through other posts here, and in internet, i am still not sure about hairpin nat after hours of trying different commands and settings. So I post here for help.

Here is my config.

eth0 = public interface = a.b.c.d
eth2 = 10.250.0.1/24
eth3 = 10.10.0.1/24
eth4 = (will be 172.30.0.1/24) – in future

My current rules

set nat destination rule 100 destination address 'a.b.c.d'
set nat destination rule 100 destination port '80,443'
set nat destination rule 100 inbound-interface 'eth0'
set nat destination rule 100 protocol 'tcp'
set nat destination rule 100 translation address '10.250.0.2'

set nat source rule 101 outbound-interface 'eth0'
set nat source rule 101 source address '10.0.0.0/8'
set nat source rule 101 translation address 'masquerade'

(rule for 172. will be added in future)

What I need is that any computers from 10.10. and 10.250 network when they try to reach http(s)://a.b.c.d , it should work and hopefully log internal/real ip address. ( and also from future 172.30.0.0/24 network )

I am unable to figure it out.

Please help by providing the output of “show configuration commands” and not “show configuration”.
I find it very easy to understand show configuration commands as it tells me exactly what I need to type. This will also help others in future seeing the description and the commands to type.

Thank You.

An example for hairpin nat NAT44 — VyOS 1.4.x (sagitta) documentation