Been my experience that boundary firewalls shouldn't be allowed nor configured to allow loop back ... could lead to attacks from internal machines that would ID as coming from the boundary firewall IP address.
The only way to resolve this issue, methinks, has already been suggested ...
Outside DNS: mymoodle.domain has external IP address
Inside DNS: mymoodle.domain has internal IP address
Moodle uses FQDN ... mymoodle.domain in its config ... then it's satisfied as to how it's accessed.
My 2 cents, of course.
'spirit of sharing', Ken
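
The split DNS arrangement described in the post above, sketched as an added example that is not part of the original post. It assumes BIND 9 views as the DNS server; the addresses, ACL name and zone file paths are constructed placeholders.

```conf
// Constructed example: split-horizon DNS for mymoodle.domain using BIND 9 views.
// Assumptions: 192.168.0.0/16 and 10.0.0.0/8 are the internal networks,
// 192.168.10.20 is the Moodle server's internal address and 203.0.113.20
// (RFC 5737 documentation range) stands in for its external address.
acl "internal-nets" { 10.0.0.0/8; 192.168.0.0/16; localhost; };

// Views are matched in order, so internal clients never reach "outside".
view "inside" {
    match-clients { "internal-nets"; };
    recursion yes;
    zone "domain" {
        type master;
        // This zone file holds:  mymoodle  IN  A  192.168.10.20
        file "/etc/bind/zones/db.domain.inside";
    };
};

view "outside" {
    match-clients { any; };
    recursion no;   // external clients get authoritative answers only
    zone "domain" {
        type master;
        // This zone file holds:  mymoodle  IN  A  203.0.113.20
        file "/etc/bind/zones/db.domain.outside";
    };
};

// Moodle side (config.php), the same FQDN for every client.
// The https scheme is an assumption:
//   $CFG->wwwroot = 'https://mymoodle.domain';
```

With this in place internal clients connect straight to the internal address, so the boundary firewall needs no loopback rule and the server's logs show real internal source addresses rather than the firewall's.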