I am running Jellyfin on a local PC and exposing it to the internet through Caddy (reverse proxy).
The router is TP-Link Deco X50.
 

Network behavior before firmware update

• From external networks:
  Accessing Jellyfin via my public domain worked.
• From internal LAN:
  Accessing the same public domain (resolving to public IP) also worked.
  This indicates NAT Loopback / Hairpin NAT was functioning.
   

Network behavior after firmware update

• From external networks:
  Public domain → Jellyfin still works.
• From internal LAN (behind Deco):
  • Public domain → does NOT work
  • Direct LAN IP (e.g. 192.168.x.x) → works

No changes were made to:

• Jellyfin configuration
• Caddy configuration
• Port forwarding rules
• Public IP / DDNS
• Firewall rules on the host

Only the Deco firmware was updated.
 

Analysis

This behavior strongly indicates that NAT Loopback (Hairpin NAT) has been disabled or its behavior changed by the firmware update.

Internal clients resolving the domain to the public IP can no longer hairpin back through the router to the internal server. The packets appear to be dropped at the NAT stage before routing, so:

• Static routes do not help
• Port forwarding still works for external traffic
• Only internal access via public IP/domain is broken
   

Questions for TP-Link

• Was NAT Loopback / Hairpin NAT intentionally removed or changed in recent Deco X50 firmware?
• Is there any hidden or advanced option to re-enable NAT Loopback?
• If not, is this a known regression and will it be fixed in a future firmware?

This behavior breaks common self-hosting scenarios where the same domain is expected to work both internally and externally.