 
Leon1980
just joined
Topic Author
Posts: 1
Joined: Sun Mar 10, 2019 10:50 pm

Firewall rules

Mon Mar 11, 2019 1:24 am

Hi everybody, I have an RB4011 RouterBOARD, 6.43.3.
I have a camera system inside the house; the port forwarding was a success. I set up the camera live view application with the outside IP address and the correct port. The only way it's working is if I'm not on the local Wi-Fi network. Can somebody help me with how to set up the firewall, or what rule I need to set up?
 
Steveocee
Forum Guru
Posts: 1189
Joined: Tue Jul 21, 2015 10:09 pm
Location: UK

Re: Firewall rules

Mon Mar 11, 2019 11:51 am

You need hairpin NAT.
 
Van9018
Long time Member
Posts: 558
Joined: Mon Jun 16, 2014 6:26 pm
Location: Canada - Abbotsford

Re: Firewall rules

Mon Mar 11, 2019 10:59 pm

Or use a VPN, then configure your viewer to connect to the local IPs of the cameras. This could be more secure than exposing your camera's communication protocols to the internet.
 
sebastia
Forum Guru
Posts: 1782
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Firewall rules

Tue Mar 12, 2019 12:20 am

Or the simplest: add the external DNS name used to access the camera from outside to the DNS cache, pointing to the internal IP.
 
solar77
Long time Member
Posts: 586
Joined: Thu Feb 04, 2016 11:42 am
Location: Scotland

Re: Firewall rules

Tue Mar 12, 2019 1:55 pm

@sebastia
I don't think DNS cache is going to work. Steveocee is right and the OP needs hairpin NAT.
The client sends a packet to the IP of the camera, it gets changed to the internal IP of the camera, and the return traffic has the source IP of the internal camera IP. The client device drops it because it does not match the dst-ip of the original packet. There is a graph somewhere on the wiki ....
 
sebastia
Forum Guru
Posts: 1782
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Firewall rules

Fri Mar 15, 2019 11:52 am

> @sebastia
> I don't think DNS cache is going to work. Steveocee is right and the OP needs hairpin NAT.
> The client sends a packet to the IP of the camera, it gets changed to the internal IP of the camera, and the return traffic has the source IP of the internal camera IP. The client device drops it because it does not match the dst-ip of the original packet. There is a graph somewhere on the wiki ....

It should work just fine as long as the port on the external IP & internal IP is the same.

The flow is different and not as you described: the client will send the packet to the adapted internal IP, as defined in the overriding DNS entry, and responses will be going to the internal IP of the client. No need for dst+src NAT.
 
solar77
Long time Member
Posts: 586
Joined: Thu Feb 04, 2016 11:42 am
Location: Scotland

Re: Firewall rules

Fri Mar 15, 2019 4:29 pm

OK, I see what you mean now. So the URL will just be an internal IP if you connect to it from the LAN.
Somehow I think the OP is using an IP address, not a URL, though:
> I set up the camera live view application from the outside IP address
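
Added example, not part of any post in this thread: a small Python model of the three flows discussed above (port forward only, hairpin NAT, static DNS override), tracing which source address the LAN client sees on the reply. All IP addresses, the name `cam.example.net` and the function names are constructed for illustration.

```python
# Constructed addresses, not from the thread (RFC 1918 LAN, RFC 5737 WAN).
WAN_IP, ROUTER_LAN = "203.0.113.5", "192.168.88.1"
CLIENT, CAMERA = "192.168.88.10", "192.168.88.20"

def resolve(name, static_dns):
    """Router DNS cache: a static entry overrides the public answer (WAN_IP)."""
    return static_dns.get(name, WAN_IP)

def connect(target, hairpin_srcnat):
    """Trace one request/reply from a LAN client; return (accepted, trace)."""
    src, dst, conntrack = CLIENT, target, None
    trace = [f"client sends  {src} -> {dst}"]
    if dst == WAN_IP:                      # router applies the dst-nat port forward
        original = (src, dst)
        dst = CAMERA
        if hairpin_srcnat:                 # hairpin: also src-nat LAN-to-LAN flows
            src = ROUTER_LAN
        conntrack = original
        trace.append(f"router fwds   {src} -> {dst}")
    # The camera answers the source address it saw. Client and camera share a
    # subnet, so a reply addressed to the client never passes the router.
    r_src, r_dst = CAMERA, src
    trace.append(f"camera reply  {r_src} -> {r_dst}")
    if r_dst == ROUTER_LAN and conntrack:  # reply hits router: undo both NATs
        r_dst, r_src = conntrack
        trace.append(f"router fwds   {r_src} -> {r_dst}")
    accepted = r_dst == CLIENT and r_src == target
    trace.append("client accepts" if accepted
                 else f"client drops: expected {target}, got {r_src}")
    return accepted, trace

if __name__ == "__main__":
    override = {"cam.example.net": CAMERA}   # hypothetical static DNS entry
    cases = [
        ("dst-nat only, app uses WAN IP", WAN_IP, False),
        ("hairpin NAT, app uses WAN IP", WAN_IP, True),
        ("DNS override, app uses name", resolve("cam.example.net", override), False),
    ]
    for label, target, hairpin in cases:
        ok, trace = connect(target, hairpin)
        print(f"== {label}: {'works' if ok else 'fails'}")
        print("\n".join("   " + line for line in trace))
```

An application configured with the outside IP literal never performs a DNS lookup, so it follows the first or second case regardless of any static DNS entry.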
