Jitsi behind NAT firewall - clients are unable to communicate through the TURN server when UDP 10000 is blocked

Hi,
My Jitsi VC server is located at the DMZ of a NAT firewall. The clients are unable to communicate through the TURN server when UDP 10000 is blocked. Kindly help me to solve this issue. The relevant details of my configuration and the JVB logs are given below.

The following configurations are added to the file /etc/jitsi/videobridge/sip-communicator.properties:
org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=DMZ IP
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=Public IP

The file /etc/turnserver.conf contains the folowing:
use-auth-secret
keep-address-family
static-auth-secret=xxxxxxxxxxxxxx
realm=yyyyyyyyyy
cert=/etc/letsencrypt/live/uuuuuuuu/fullchain.pem
pkey=/etc/letsencrypt/live/uuuuuuuu/privkey.pem
no-multicast-peers
no-cli
no-loopback-peers
no-tcp-relay
no-tcp
listening-port=3478
tls-listening-port=5349
no-tlsv1
no-tlsv1_1
cipher-list=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
syslog
external-ip=DMZ IP/Public IP
listening-ip=127.0.0.1

With this configurtaion, the clients are able to communicate the video and audio through UDP 10000. But the clients who don’t have access to UDP 10000 fails to communicate the video and audio through the TURN server.

JVB log tells the following:
2020-09-22 19:25:33.368 INFO: [216] [confId=920eacc4e7970323 gid=17926 stats_id=Salvatore-N5Q componentId=1 conf_name=testmabin ufrag=ads3g1eir1i672 name=stream-714fdbb6 epId=714fdbb6 local_ufrag=ads3g1eir1i672] Component.addUpdateRemoteCandidates#347: Update remote candidate for stream-714fdbb6.RTP: 127.0.0.1:63628/udp
2020-09-22 19:25:33.369 INFO: [216] [confId=920eacc4e7970323 gid=17926 stats_id=Salvatore-N5Q componentId=1 conf_name=testmabin ufrag=ads3g1eir1i672 name=stream-714fdbb6 epId=714fdbb6 local_ufrag=ads3g1eir1i672] Component.updateRemoteCandidates#481: new Pair added: DMZ IP:10000/udp/host -> 127.0.0.1:63628/udp/relay (stream-714fdbb6.RTP).
2020-09-22 19:25:33.386 INFO: [234] [confId=920eacc4e7970323 gid=17926 stats_id=Salvatore-N5Q conf_name=testmabin ufrag=ads3g1eir1i672 epId=714fdbb6 local_ufrag=ads3g1eir1i672] ConnectivityCheckClient$PaceMaker.run#922: Pair failed: DMZ IP:10000/udp/host -> 127.0.0.1:63628 /udp/relay (stream-714fdbb6.RTP)

If I remove NAT_HARVESTER_LOCAL_ADDRESS and NAT_HARVESTER_PUBLIC_ADDRESS from sip-communicator.properties, and external-ip from turnserver.conf, communication will be working through the TURN server but not through UDP 10000.

Then, JVB log has the following entries:
2020-09-22 17:17:53.500 INFO: [50] [confId=7a06b21cd2bcd0d0 gid=349328 stats_id=Salvatore-N5Q conf_name=testmabin ufrag=dogue1eiqq8d6h epId=8d624330 local_ufrag=dogue1eiqq8d6h] Agent.triggerCheck#1761 : Add peer CandidatePair with new reflexive address to checkList: CandidatePair (State=Frozen Priority=7926369428998979583): LocalCandidate=candidate:1 1 udp 2130706431 DMZ IP 10000 typ host RemoteCandidate=candidate:10000 1 udp 1845501695 127.0.0.1 51475 typ prflx
2020-09-22 17:17:53.515 INFO: [50] [confId=7a06b21cd2bcd0d0 gid=349328 stats_id=Salvatore-N5Q conf_name=testmabin ufrag=dogue1eiqq8d6h epId=8d624330 local_ufrag=dogue1eiqq8d6h] ConnectivityCheckClient.processSuccessResponse#630: Pair succeeded: DMZ IP:10000/udp/host -> 127.0.0.1:51475 /udp/prflx (stream-8d624330.RTP).
As per my preliminary examination, the connection will be successful when the RemoteCandidate type is /udp/prflx and it will fail when the type is /udp/relay. Can anyone explain the difference between them?

I could solve the issue. I made a mistake while entering the external-ip parameter of TURN. The correct format is:
external-ip=Public IP/DMZ IP.