
I have the following setup:

          ISP
           |
           |
        external interface (public ip)
       /
Router (running OPNsense)
       \
        internal interface 192.168.0.1
            |
          /   \
        /       \
      /           \
 webserver       other lan clients
 192.168.0.2    192.168.0.3-100 (from dhcp)

My router is not able to connect to the webserver via its public IP address, but the rest of the 192.168.0.0/24 net is.

I have set port forwards for the WAN interface on ports 80 and 443 to my webserver and enabled "Reflection for port forwards" as well as "Automatic outbound NAT for Reflection" in the advanced settings for the firewall.

Anyone got an idea why my router is not able to connect to the webserver via its external IP?

To rule out the webserver as the point of failure, I set up a dummy SSH server (Raspberry Pi) and port-forwarded some port to the Pi's SSH port, with the exact same result. The whole 192.168.0.0/24 network can connect to the Pi via its public IP (domain name) except for the router.

  • There are many questions with answers here about this if you search.
    – Ron Maupin
    Commented Jun 2 at 14:37

1 Answer


My router is not able to connect to the webserver via its public IP address ...

That is to be expected. Accessing the web server by public IP requires destination NAT aka reverse NAT aka port forwarding, which the router doesn't do for its own source address.

Use the web server's private IP instead.

... but the rest of the 192.168.0.0/24 net is.

Your private clients should use the server's private address for access as well, in order to avoid the inefficient client-router-server loop with hairpin NAT. You might want to consider split-brain DNS (off topic here) for simplicity.

  • Thank you for your answer. Indeed I was thinking about using split DNS; the thing is that externally I don't use standard ports except for HTTP and HTTPS. So I would have to also define NAT rules for the local addresses?
    – peter
    Commented Jun 2 at 11:04
  • Just use the same non-standard ports internally as well. Note that uncommon ports do not really increase security.
    – Zac67
    Commented Jun 2 at 11:43
  • I do mainly use non-standard ports because I want to be able to SSH to various clients behind the same public IP address. Using different ports allows me to specify port forwards to the correct client. I now again tried split DNS; now locally my domain name resolves to 192.168.0.1 and I have port forwards to the webserver. I still can access the webserver from all clients but the router itself.
    – peter
    Commented Jun 2 at 18:39
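A small model of the packet path the answer describes, added here as an illustration; it is not code from the question, the answer or OPNsense. It assumes a constructed topology with the question's LAN addresses and 203.0.113.10 (documentation range) standing in for the real public IP, and it shows why reflection works for LAN clients but never for traffic the router originates itself, including the split-DNS-to-192.168.0.1 variant from the last comment.

```python
import ipaddress

# Constructed addresses matching the topology in the question; 203.0.113.10
# (documentation range) stands in for the real public address.
PUBLIC_IP = "203.0.113.10"
LAN_IP = "192.168.0.1"
LAN_NET = ipaddress.ip_network("192.168.0.0/24")
WEBSERVER = "192.168.0.2"

# Simplified pf-style rdr (destination NAT) table, keyed by the interface a
# packet ARRIVES on; "Reflection for port forwards" copies WAN entries to LAN.
RDR_RULES = {
    "wan": {(PUBLIC_IP, 80): (WEBSERVER, 80), (PUBLIC_IP, 443): (WEBSERVER, 443)},
}
RDR_RULES["lan"] = dict(RDR_RULES["wan"])  # reflection


def ingress_interface(src):
    """Interface a packet arrives on, or None when the router generated it
    itself: locally originated traffic has no ingress interface."""
    if src in (LAN_IP, PUBLIC_IP):
        return None
    return "lan" if ipaddress.ip_address(src) in LAN_NET else "wan"


def route(src, dst, dport):
    """Push one packet through the model; returns (final_dst, new_src, path)."""
    iface = ingress_interface(src)
    if iface is None:
        # No inbound rdr rule is consulted for the router's own traffic. A
        # destination that is one of the router's addresses is delivered to the
        # router itself (the failing case); anything else is simply routed.
        path = "local-delivery" if dst in (LAN_IP, PUBLIC_IP) else "routed"
        return dst, src, path
    rule = RDR_RULES[iface].get((dst, dport))
    if rule is None:
        return dst, src, f"no-rdr-on-{iface}"
    new_dst, _ = rule
    # Hairpin case: client and server share the LAN, so the source is rewritten
    # to the router's LAN address ("Automatic outbound NAT for Reflection");
    # otherwise the server would answer the client directly, bypassing the NAT.
    hairpin = iface == "lan" and ipaddress.ip_address(new_dst) in LAN_NET
    return new_dst, (LAN_IP if hairpin else src), f"rdr-on-{iface}"


if __name__ == "__main__":
    for src in ("192.168.0.50", "198.51.100.7", LAN_IP):
        print(f"{src} -> {PUBLIC_IP}:80 => {route(src, PUBLIC_IP, 80)}")
```

Running it shows the LAN client and the Internet client both redirected to 192.168.0.2, while the router's own packet to its public address ends in local delivery, exactly as the answer states; only the private address (the "routed" path) works from the router.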
