Should the nginx Proxy receive that package? If i trace between the LAN Host and GW, there are no Public IP’s

Hm, could be a little bit much but Public IP -> WG0 -> Proxy -> Router -> Server and back should not be ok?

There is one DNAT rule at the public OPNsense routing the HTTP/s traffic to my proxy. Inside my DMZ an LAN is no NAT, only routing. Back out again there is a Masq/SNAT rule for my local IPs

green boxes are IP, red are FQDN

Curl capture (made first so DNS is captured aswell)

Firefox capture

I tested with my Mobile with LTE and got the same results

Ah sry, bad choise but i masked my real LAN IPs