Federation and nat reflection

Hi all, consider a server with multiple nextcloud instances, i.e.

  • cloud-a.domain.com
  • cloud-b.domain.com
    The server doesn’t own the public ip because it’s managed by the firewall (only port 80 and 443 are redirected).
    The names cloud-a.domain.com and cloud-b.domain.com are resolved with the local ip, i.e.
    I create ssl certificates.
    I will not be able to get federation work between these two instances right?
    Am I forced to set natreflection on the firewall?