Computer networks
Megum1n, 2020-05-27 02:33:02

How to configure LAN access from LAN over WAN?

I have the following network:
[Image: network diagram, 5ecda64372c9f901472002.png]
Port Forwarding of all necessary ports from WAN to "Mail server" is set on the router.
The problem is that the client shown in the diagram cannot connect to the server via the WAN address. At the same time, all clients that are in the external network can easily connect to the server.

How to allow a client on a LAN to connect to a server on the same LAN but by WAN address?
The router is Ubiquiti's Edgerouter, so the firewall is fine-tuned.

4 answer(s)
Diman89, 2020-05-27
@Megum1n

Hairpin NAT

ky0, 2020-05-27
@ky0

They don't usually do that, it's bullshit. If there is a need to connect to the same resource from the outside and from the inside, this issue is solved by setting up a DNS server, which, when requested from the local network, resolves the desired name to the local IP address.

Andrey Barbolin, 2020-05-27
@dronmaxman

Hairpin NAT is used out of hopelessness.
I already foresee the following questions on Toster:
- why the SIP client does not work with the home telephony server
- why I do not see the client's IP on the server
- how to block a hacker if all connections on the server come from 192.168.1.1

Judging by the screenshot, you have pfSense; you can set up DNS on it and make static records for home resources. Then configure DHCP so that home clients receive this DNS server. It will return the static addresses, and everything else will be forwarded to an external DNS. Everything works transparently and nothing needs to be configured on the client.
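
A simplified model of the packet flow discussed in the answers above, as an added example that is not part of the original thread: it shows why the port forward (DNAT) alone fails for a LAN client, why hairpin NAT makes the server log the router's address for every LAN client, and how split DNS avoids both. All addresses and the name `mail.example.test` are constructed assumptions, except 192.168.1.1, which is taken from the answer above.

```python
from ipaddress import ip_address, ip_network

# Constructed lab values (assumptions); only 192.168.1.1 appears in the thread.
LAN = ip_network("192.168.1.0/24")
ROUTER_LAN = "192.168.1.1"
WAN_IP = "203.0.113.10"        # documentation range, stands in for the public IP
SERVER = "192.168.1.10"        # mail server behind the port forward
NAME = "mail.example.test"     # hypothetical service name


def via_wan_address(client, snat):
    """Client connects to WAN_IP. Returns (connected, source IP the server logs)."""
    src = client
    # The port-forward rule rewrites the destination WAN_IP -> SERVER (DNAT).
    if snat and ip_address(src) in LAN:
        src = ROUTER_LAN       # hairpin NAT: also masquerade LAN-originated flows
    logged = src               # address that ends up in the server's logs

    # The server answers whatever source address it saw.
    reply_src, reply_dst = SERVER, logged
    if reply_dst == ROUTER_LAN or ip_address(reply_dst) not in LAN:
        # Reply passes through the router, whose connection tracking
        # reverses the NAT: the client sees an answer from WAN_IP.
        reply_src, reply_dst = WAN_IP, client
    # Otherwise the reply is delivered on-link, bypassing the router, and
    # still carries SERVER as source, which the client never contacted.
    connected = reply_src == WAN_IP and reply_dst == client
    return connected, logged


def resolve(name, client):
    """Split-horizon DNS: LAN clients get the LAN address, others the WAN one."""
    return SERVER if ip_address(client) in LAN else WAN_IP


def via_split_dns(client):
    """Client connects to whatever the DNS view for its network returns."""
    if resolve(NAME, client) == SERVER:
        return True, client    # direct on-link connection, no NAT involved
    return via_wan_address(client, snat=False)


if __name__ == "__main__":
    print("DNAT only, LAN client:  ", via_wan_address("192.168.1.50", False))
    print("hairpin NAT, LAN client:", via_wan_address("192.168.1.50", True))
    print("external client:        ", via_wan_address("198.51.100.7", True))
    print("split DNS, LAN client:  ", via_split_dns("192.168.1.50"))
```

With hairpin NAT the server's logs and any per-IP blocking see only the router's LAN address for internal clients, while the split-DNS path preserves the real client address.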

pindschik, 2020-05-28
@pindschik

The scheme in the figure is definitely workable, even without the trouble of changing the IP in DNS.
On some routers, port forwarding can be configured in different ways. I won't say anything about Ubiquiti (I have no experience with it), but try adjusting its options on this point: which IP the forwarding matches on, rather than which network the traffic comes from.
If your mail server (web server, etc.) has a name such as mail.host.ru, then clients inside the local network should not see any difference: they just go to the external public IP and it just works. The router should not block internal requests.
It's just a matter of setting up the router.
