Edy is running the replace on the body.innerHTML of *EVERY* web page he visits using Chrome (with Tampermonkey extension enabled).
Ok, so removing the IP address entirely from the page does NOT work, the links to either <A HREF> or <IMG> are not able to get files relative to the main page itself, probably because everything is being generated "on-the-fly" by the hard-drive software. I will explain...
The images/videos/music are not actually getting directly referenced to the folder structure on the drive by the software. What happens is the software "sorts" all the content into various types of content and generates some proprietary hierarchy (although user customizable but not necessarily directly parallel to the folder structure) and even renames the files (not on the drive but in it's own "lookup table") to a proprietary name in some strange unknown scheme. You are able to browse BY DATE, BY RATING, BY ALBUM... and there are links to all of these on the "web-page" that the drive presents to the user.
That means that for whatever you decide to click on, the resulting page has been generated "on-the-fly" by the software and contains it's own mapping of files according to whatever sorting scheme you have decided to browse the files by. The only thing that works is turning on Tampermonkey to basically translate/replace all hard-coded internal LAN address links (in the format usually 198.162.x.x, the local LAN IP) to the outward internet-IP the drive is on.
Using Tampermonkey (activated *only* when I am browsing the drive and no other time) solves the problem with the older generation of drives that was doing this. I don't normally use Tampermonkey otherwise, it would be off and therefore shouldn't affect any other browsing (unless you think I should remove the Extension also, but when it is off I assume it is not using any CPU cycles).
SECURITY:
Yes, from a security issue this is a problem, it is actually a known problem with many media hard-drives. On top of the fact that external-browsing should be turned off if you don't plan on accessing the drive from outside your local LAN (usually 192.168.x.x), it poses a risk since it is easy to port-scan random IP's on the internet looking for open responses since certain drives will advertise themselves as existing. In addition, some drives are ALSO known to still respond to external connections even when the "external browsing" feature has been turned off or requires a password.
Newer iterations will map everything to LOCALHOST (127.0.0.1) and require a user inside the LAN to run some software on their machine (probably the software acts as an extra layer of security or simply does the appropriate IP translation or verification). The hard drive web page introduces some Javascript AFTER the page loads that generates the links, it is no longer hard-coded in the page. But when you hover over all the content, the links are all "127.0.0.1/whateverfolderstructure/image1.jpg", etc. That means Tampermonkey CANNOT simply do a lookup/replace of the 127.0.0.1 IP with the internet IP, since the web-page actually loaded has no references to the IP address at all (it must be done by Javascript after).
Nevertheless, you can still access your media from the internet by *manually* replacing the localhost IP with the internet IP of the drive. Content still loads, you just don't see a page full of thumbnails and you can't just easily click on things to browse, you have to do them one at a time.
In this case, if it is possible to "map" or reroute requests to 127.0.0.1 to the internet IP of the drive, the browser should actually fetch the content properly.
Bottom line.... The implementation of the hard-drive software is BAD and BUGGY and is a SECURITY MESS. Either it should work both externally and internally, if I want it to be on and working fine both externally and internally (without needing to do all this IP replacement stuff). However, if I turn off external access to the internet, it shouldn't even let me access the drive PERIOD from the internet. Unless they screwed up the entire implementation and really just obfuscating things for external access because they never intended external browsing (which really isn't stopping anything anyways because swapping IP's still works anyways, whether manually or automatic).