As you stated, the site_url is configured to the internal IP/Address. and you also access Rocket Chat from an external IP/Domain.
The problem might be that, when sending audio or images, Rocketchat client will look for site_url/uploads/imagem.png or something like that. And this site_url is unavailable for external users.
I have this kind of scenario here, and what I do is to create an internal zone, and point to the internal proxy.
So site_url is http://chat.mycompany.com, and for internal users, will also use this address, but I created an internal zone at our dns, that will redirect chat.mycompany.com to the internal ip.
Thanks, thats great opportunity, but with the help of nginx we use the restriction on downloading files and the security department will not be able to confirm such an implementation to us :’(
If your security department doesn’t allow tampering with internal DNS, you still have the option to change it at the computer level (like in Linux’s /etc/hosts on each computer). But depending on the scale of you scenario, this is probably counter-productive.