Registry port 4567 not accessible - can't pull docker images

Hi, we have a very strange problem in our self hosted gitlab instance.
We just noticed, that external users (that are not part of our company network) can’t access our gitlab instance on port 4567 (e.g. to pull docker images). They also can’t telnet to port 4567 from external. They don’t get a connection. Everything works from inside our company network. External users also can use the web frontend without any problems.

Of course we first checked our firewall but this does not seem to be the problem, as our firewall does not block any packages. The firewall routes everything to our gitlab server with 1to1 NAT. UFW and IP tables are disabled on our gitlab server. If we do a TCP dump we can see that the packages reach the gitlab server. The NGINX is listening on but it does not log any of the access attempts from external. Even when we set the NGINX log to debug, there is no log entry when accessing port 4567 from external. When we try from within our company network, you can see log entries in the NGINX log.

We also tried to set the external IP of out gitlab server as “trusted IP” in the gitlab RB conf. This did not change anything. We also configured the external IP as second IP on our network interface. Problem still persists.

Is there anyone having the same issue? We are using Gitlab Community Edition 14.5.0