Set this up with IPv6 and everything can talk directly to each other without all the extra NAT. Use the load balancer and port forward to expose services to the legacy Internet.
The AAAA record, IPv6's equivalent to the A record, is increasingly prevalent. dig defaults to only returning A records, so you'll need to do an additional query with the type set or use the host command, also included in bind-utils.
$ host facebook.com
facebook.com has address 18.104.22.168
facebook.com has IPv6 address 2a03:2880:f112:83:face:b00c:0:25de
facebook.com mail is handled by 10 msgin.vvv.facebook.com.