powered by Jive Software

Openfire behind NAT-Router any best practice?

Hello,

I am running an Openfire Server (on Windows) behind a NAT Router/Firewall. I am a little bit confused about the right configuration. The server is running but I got disconnections of idle clients.
Sometimes no communication is possible at all.

org.jivesoftware.openfire.nio.ConnectionHandler - Closing connection due to exception in session: (0x00000413: nio socket, server, /ClientIP:49292 => 0.0.0.0/0.0.0.0:5000)

or

org.jivesoftware.openfire.nio.ConnectionHandler - Closing connection due to exception in session: (0x00000413: nio socket, server, /ClientIP:49292 => 192.168.0.50/0.0.0.0:5000)

Where 192.168.0.50 is the local IP of the server.
(I am running the server on port 5000 not 5222) All needed ports are forwarded to the server.

What I absolutely not understand is the right configuration for a setup behind a router. The router synchronizes his dynamic IP through an A-Record with a DNS name server in the internet which holds my domain name: example.tld. In additon I have a CNAME openfire.example.tld which points to example.tld
At the moment the server has a fored fqdn name of openfire.example.tld set in the openfire.xml file.
This is the only way to get Letsencrypt certificates working with this setup. The certificate is issued for openfire.example.tld and *.openfire.example.tld
The xmpp domain name in the server properties is also set to openfire.example.tld.
If I set the fqdn to openfire.local (which is the name of the server in the local network set by internal dns server of the router) I get same issues with connections in addition to not working LE-Certificates because of the .local domain name.

So where is my misconfiguration/misunderstanding?

Thank you for any help.
Greets