I have multiple internal VLANs and multiple firewall zones (e.g. a guest network, a DMZ LAN) with separate IP ranges and locked-down routing in between. I've found that if I forward a port to a web server in my DMZ zone, the 'NAT Loopback' option has no effect on hosts outside of that zone (e.g. in my LAN or GuestLAN zones).
I experienced the same problem. Thank you, Dan and Dex, for posting your solutions here.
It seems like a pretty common situation for people to have a DMZ'd zone hosting a webserver that they would want to access via a zone-to-zone NAT loopback.
Edit: @dan, I think your problem where you need to do the firewall restart is related to this: https://dev.archive.openwrt.org/ticket/20249.html. When the firewall reloads (instead of restarts), your custom firewall.user rules are not also reloaded, but they depend on a chain that is created in /etc/config/firewall, so I think your rules get flushed too. That article explains that you can set a variable in your firewall config to also execute your firewall.user script on reloads as well.
I realize that this thread is super old, but I thought I would post this for anyone else who came across it.
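
The reload behaviour described above can be checked with a short script. This is an added example, not code from the thread or from OpenWrt: it lists every fw3 `config include` section that would be skipped on a reload because it lacks a truthy `option reload`. It assumes the fw3 UCI layout and the usual UCI boolean spellings; the sample config is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): print the path of every fw3
# "config include" section in a UCI firewall config that is not re-run on
# a firewall reload, i.e. has no truthy "option reload".
includes_without_reload() {
    awk '
        # Strip one leading and one trailing quote (\047 is a single quote).
        function unquote(s) { gsub(/^["\047]|["\047]$/, "", s); return s }
        # Emit the previous section if it was an include without reload.
        function report() { if (in_inc && !reload) print path }
        $1 == "config" {
            report()
            in_inc = (unquote($2) == "include"); path = "(no path)"; reload = 0
            next
        }
        in_inc && $1 == "option" && $2 == "path" { path = unquote($3) }
        in_inc && $1 == "option" && $2 == "reload" {
            # Assumption: these are the spellings accepted as "true".
            reload = (unquote($3) ~ /^(1|true|yes|on|enabled)$/)
        }
        END { report() }
    ' "${1:-/etc/config/firewall}"
}

# Constructed sample config: the first include lacks reload, the second has it.
sample_config() {
    cat <<'EOF'
config defaults
	option input 'ACCEPT'

config include
	option path '/etc/firewall.user'

config include 'extra'
	option path '/etc/firewall.extra'
	option reload '1'
EOF
}

# Run the check on the constructed sample.
demo() {
    tmp=$(mktemp) && sample_config > "$tmp" && includes_without_reload "$tmp"
    rm -f "$tmp"
}
```

On a router, call `includes_without_reload` with no argument to read `/etc/config/firewall`; any path it prints belongs to an include that needs `option reload '1'` for its rules to survive a reload.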