Openfire uses its (internal) IP address when sending a streamhost host. This does not work when NAT is used and public clients are connected. They can not connect to 192.168.0.0/24 or 10.0.0.0/8 IP addresses.
Openfire should still use the private IP address to open the listen socket but in the xmpp packets it should use the host name or a configured IP address.
Using the DNS name may be problematic as we can not guarantee that the public DNS entry uses an A/AAAA record. Likely Openfire can not verify this as it connects to an internal DNS server. (http://xmpp.org/extensions/xep-0065.html - Note: If the value of the 'host' attribute is a DNS domain name, it MUST be resolvable to the IP address on which the Proxy (or an instance thereof) is hosted using an A or AAAA lookup.)
Keep using the private IP address but add an option to enter a custom value (IP address or host name) and add the XEP documentation (A lookup) to the Openfire file transfer page.