So when you say "it works" I presume you mean you can surf to your control panel on your DMZ server from the outside world but you can't get to the same site directly from another machine on your internal LAN?
My "solution" of hardwiring IPs and domain names on each internal workstation should not be needed and is just a workaround in some bizarre situation. The domain I point to my external IP is the same as when I ping it from the inside on my laptop, so when I surf to mydomain.tld my browser goes to my router and that passes it back into my internal LAN on the DMZ. In other words, it doesn't matter if I ping my domain from inside or outside of my router, it will still go to the server on my DMZ. The nginx listen directives for ports 80 and 443 listen to everything on that server, which is 127.0.0.1 and 192.168.xx.xx. If I type 192.168.xx.xx into my browser I still get the same vhost that I see by going to mydomain.tld from outside or inside my router.
I have my ISOConfig CP listen to port 443, so if I go to https://mydomain.tld I get my CP from inside or outside my router. If I use https://192.168.xx.xx then I still get the CP. You should be able to do the same or similar to this.