This is called hairpinning, and while some domestic routers can do this, they are rare - that is a matter for research.
Using split DNS is often a better way to approach this type of issue. Usually when accessing the public IP address from inside the network is needed, it is because there is a device that needs to access an internal resource from both outside and inside the network. It is configured to use the public address when outside, but then needs to be reconfigured to use the private address when internal.
Using split DNS can solve this problem by using a public DNS service for the external address, but then running an internal DNS server that serves the internal IP address for the same DNS entry.
Let's say for example that your 1.2.3.4 IP address has the DNS name myserver.domain.com, which works when external to your network. You would then install a forwarding DNS server on your internal network, perhaps on the 10.4.3.100 server. It would have a zone file for myserver.domain.com, resolving the myserver.domain.com address to 10.4.3.100. Set this to have a low TTL so that it doesn't get cached for long.
You would use your internal DNS server for any name resolution while within your network, forwarding any requests it cannot resolve itself on to your ISP.
You would then configure any applications to not use 1.2.3.4 but to use myserver.domain.com, and they will work both inside and outside the network.
my understanding of these terms is different than theirs
OK, let's try to clarify the relevant terms.
I would like to make some things clear … is it possible to have public IP and be behind NAT at the same moment?
Everybody with an internet connection has a "public IP" that is an IP-address which is visible to the general public.
This public IP-address is sometimes referred to as an external IP-address. It is usually allocated to your router by your ISP.
It can be dynamic or static. Some ISPs charge more for a static address. Dynamic ones are allocated from a pool; in this case your public IP-address can change from time to time.
NAT
Traditional IP addresses are IP version 4 addresses. These are running out. To stave off address exhaustion, some ranges were reserved for private use (e.g. 192.168.0.0) and Network Address Translation (NAT) was invented so that a router could edit (translate) addresses in IP packets and change a private IP-address to a public one. That way a business or home with tens or thousands of computers could all share a single public IP-address.
So yes, most people have a public IP-address and are behind NAT.
is it simply because that my ssh client (PuTTY) can't receive incoming packets because of blocked incoming ports?
Outbound connections
TCP connections are started by a client sending a packet to a server (as part of a "three-way handshake"). The router sees this packet, edits the from-address and keeps a note in an internal list of connections of the internal source IP-address, source port and translated source port (it has to cope with two PCs both using the same source port getting their source IP-address translated to the same public IP-address). Since it keeps track of connections, when the router receives reply packets it can work out which internal PC to forward the (edited) packets on to.
So no, replies to an outbound SSH connection should not be blocked.
Connections initiated from the outside are a different matter:
Inbound connections
When the router receives an inbound request to create a connection on a specific port (e.g. 80) - if it doesn't provide a service on that port itself (e.g. router admin interface) it won't know what to do and will refuse the connection.
Port forwarding
If you want friends, random strangers (and criminals) to have access to your PC, you can tell the router that when it receives a connection request on port n to forward that request to one of your computers.
Best Answer
Not easily, though you should reconsider how you visualise this. It is more helpful to visualise it the other way around, as we are looking at incoming connections - this is why this is referred to as port-forwarding:
Ports are opened on the router's public IP address and forwarded to an address and port of an internal resource.
So your router has port 42300 open and is listening on this port on its public IP, and will forward any incoming connections to port 80 on the internal server.
Your question is therefore better phrased as "How can I determine which port on my router gets forwarded to port 150 on my internal server". Because of the way this works, the connection needs to be initiated from an external source, to the public IP address on the right port.
As you don't know the right port, and cannot access the router to see what it is, then your only option is to try them all and see which one connects through.
You can use the nmap tool to do this.
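The connection tracking described in the "Outbound connections" answer and the port forward described in this answer (public port 42300 to internal port 80) can be modelled together. The following is an added example, not code from any of the posters or from a real router. The class and function names are hypothetical, the 10.4.3.x hosts and 203.0.113.7 / 198.51.100.9 peers are constructed, and matching replies on the remote address and port is a modelling assumption.

```python
# Added example: toy model of the router's NAT connection table (not router firmware).
from dataclasses import dataclass, field


@dataclass
class NatRouter:
    public_ip: str = "1.2.3.4"        # public address used on the page
    next_port: int = 40000            # constructed start of the translated-port range
    out_map: dict = field(default_factory=dict)   # internal flow -> translated port
    in_map: dict = field(default_factory=dict)    # (translated port, remote) -> internal host
    forwards: dict = field(default_factory=dict)  # public port -> internal (ip, port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of an outgoing packet and remember the mapping."""
        flow = (src_ip, src_port, dst_ip, dst_port)
        if flow not in self.out_map:
            self.out_map[flow] = self.next_port
            self.in_map[(self.next_port, dst_ip, dst_port)] = (src_ip, src_port)
            self.next_port += 1
        return self.public_ip, self.out_map[flow]

    def inbound(self, remote_ip, remote_port, public_port):
        """Return the internal (ip, port) to deliver to, or None if refused."""
        tracked = self.in_map.get((public_port, remote_ip, remote_port))
        if tracked is not None:
            return tracked                      # reply to a connection started inside
        return self.forwards.get(public_port)   # new connection: needs a port forward


def demo():
    """Constructed scenario: two PCs, one SSH server, one outside client."""
    r = NatRouter()
    ssh = ("203.0.113.7", 22)                   # constructed remote SSH server
    a = r.outbound("10.4.3.10", 50000, *ssh)    # both PCs pick source port 50000
    b = r.outbound("10.4.3.11", 50000, *ssh)
    out = {
        "a": a, "b": b,
        "reply_a": r.inbound(*ssh, a[1]),
        "reply_b": r.inbound(*ssh, b[1]),
        "before_forward": r.inbound("198.51.100.9", 40123, 42300),
    }
    r.forwards[42300] = ("10.4.3.100", 80)      # 42300 -> 80 as on the page; host is assumed
    out["after_forward"] = r.inbound("198.51.100.9", 40123, 42300)
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The `before_forward` and `after_forward` results show the exposure that a single forward rule creates: the same unsolicited connection is refused until the rule exists and reaches the internal host afterwards.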