Openfire uses its (internal) IP address when sending a streamhost host. This does not work when NAT is used and public clients are connected. They can not connect to 192.168.0.0/24 or 10.0.0.0/8 IP addresses.
Openfire should still use the private IP address to open the listen socket but in the xmpp packets it should use the host name or a configured IP address.
Using the DNS name may be problematic as we can not guarantee that the public DNS entry uses an A/AAAA record. Likely Openfire can not verify this as it connects to an internal DNS server. (http://xmpp.org/extensions/xep-0065.html - Note: If the value of the 'host' attribute is a DNS domain name, it MUST be resolvable to the IP address on which the Proxy (or an instance thereof) is hosted using an A or AAAA lookup.)
Keep using the private IP address but add an option to enter a custom value (IP address or host name) and add the XEP documentation (A lookup) to the Openfire file transfer page.
Openfire in LAN with private IP, clients connecting via NAT / public IP
Is this issue still happening on a current release (3.9.1)?
I think so, but I don't know.
I think Guus has this fixed for the upcoming 4.1 release. I have assigned it to him for commentary...
Commentary: OF-1170. We should retest this though.
I've provided an additional change. It re-purposes the 'xmpp.proxy.externalip' property. Earlier, this was used to make the proxy bind to a specific interface. As this is quite similar to the functionality provided by the 'network.interface' property, 'xmpp.proxy.externalip' now controls only what interface is reported. It no longer affect the interface binding process directly. This functionality has also been added to the admin console.