Nat setup - private interface showing in traffic on user end

I have a jitsi meet server setup with multiple video bridges. Jitsi meet server goes through our external firewall and 1:1 NATd. Generally, everything is working just fine. However I have noticed in packet captures that the user machines are attempting to communicate to the private interface of the video bridges (and failing, obviously) prior to communicating with the public NAT interface.

setup (obfuscated IPs… etcc):
jitsi meet server -

  • local. / public
  • firewall rule - allow tcp 443 from outside -> inside

jitsi video bridge -

I’ve seen some other people that have noted similar behavior but I have not seen a resolution to it yet. Is this a normal process? Or, should the user machines only be trying to connect to the public front-end and not see traffic trying the local interface first?

Video sessions work and don’t get kicked off or anything, this just seems odd. Am I missing anything?