It is all about where your domain “home.lan” is known through DNS. The only location where that is registered is on your NS. And your NS is allowed to resolve names on your LAN, not outside your LAN. For domains outside your LAN your NS uses other DNS servers, like the one from your ISP, Google or OpenDNS.
You have to be aware that your domain “home.lan” is just not registered with those other DNS services (and it never will be, because the .lan top-level domain is not available for public use).
To solve this, you can use a Dynamic DNS provider like noip and register your server there so it will be accessible with the registered name from the RED interface. This also means that anyone can access your server through that name.
Last tip: to be safe, only allow your web management page from GREEN. Use a VPN when you are not on your LAN to connect to your LAN.