File transfer over internet

On a home private network, the router would have a private IP address something like this 192.168.0.1. On the home network there are 5 computers. Each has a local IP address 192.168.0.xx e.g. 192.168.0.2 – 192.168.0.6. But the computers themselves do not have a public IP, only the router does. So would it be possible for someone from an outside network to send a file to one specific computer in my home network? Like if they know the MAC address of the device.

And how is it that emails can reach e.g. outlook application installed on one computer with one IP address, but still be accessed from another computer with a completely different IP address.

24 Answers

Anonymous 0 Comments

*So would it be possible for someone from an outside network to send a file to one specific computer in my home network?*

No. Not unless you’ve configured your router ahead of time to allow this to happen. Depending on your router, your ISP, and some other details, it is possible to allow it to happen, but it is not the default.

*And how is it that emails can reach e.g. outlook application installed on one computer with one IP address, but still be accessed from another computer with a completely different IP address.*

Very generally speaking, email isn’t being pushed from the internet onto your laptop. Outlook (and most email clients) work by constantly pulling any new email from the server. Outlook, running on your laptop, is constantly reaching out to the internet to your mail server, which has a public IP address. The data for that email is on the server, so many different computers, with different IP addresses, can access it.

Anonymous 0 Comments

Your router is using something called Network Address Translation (NAT). NAT allows the router to hide your personal network (private) IP addresses and dynamically creates tables of what device IPs requested certain services like a google request (port 443) or an FTP request (port 21). When they exit the router to the internet your router appends its public IP address instead of the internal network IP address. When information inbound to the router comes from the internet it strips the public address, looks up the port number it assigned and combines it with the corresponding internal IP address.

Edit: And no, unless your router has some severe and malicious security flaw, it is not possible for an external host to communicate directly with the private IP in your network.

Anonymous 0 Comments

Your router uses NAT to “share” its external IP among all the internal computers.
It’s possible to do reverse NAT, from the internet to your internal computers, but it’s risky and demands knowledge about TCP/IP ports and firewalls.

Anonymous 0 Comments

So in general, you’re right. The rest of the internet can only “see” your router and send traffic to it. That means if some rando wants to push a file transfer directly to your computer, they simply can’t. You might even be running something like an FTP server on the computer. But when the router gets their “Hi, I want to connect to the FTP server” message, it responds, “I do not run an FTP server, sorry.”

But how does traffic get back to your computer when you ask for a web page? Well, that’s the router’s job. Your computer has to tell the router, “Ask Reddit to send me this page.” The router nods and sends the request to reddit. Reddit thinks it’s the router asking for the page so it sends the page to the router. The router remembers that your computer ASKED for that data so the router happily redirects it to your computer.

That’s how Outlook works. It ASKS servers outside of itself for data. The router always assumes if you ASK for data then it’s OK to “forward” the response to you. But this only works for one “connection”. If for some reason after that is over reddit decides to send more stuff to you, the router’s liable to ignore it or respond, “I didn’t ask for this.”

That’s why there’s a feature called “port forwarding”. Sometimes you want to run a program that EXPECTS people from the outside to ask it the questions, like when you host a video game server. To make that work, usually the program tells you “I use this port”. Think of ports like “channels” your computer can use, each network connection has about 65,000 of them and a program is free to use any of them above 1024. (The first 1024 are reserved for a lot of core internet services, this gets a little complex.) So your video game server might tell you it’s going to use port 54678. You have to go tell your router, “If you get someone asking to connect to port 54678, please send that to the computer with this IP address inside your network even if I haven’t asked for it first.”

So when the person tries to send data to your router, the router says, “Ah, port 54678, I’m supposed to pass this along.” and it does. That person still doesn’t know your ‘inside’ IP address. You’ve just kind of poked a hole in your router to let people get through. Obviously, if two different computers “inside” the network want to use the same port, one of them has to change. (There are some things you can do to deal with this but let’s keep it simple.)

There are also some tools that seem to “magically” get around this, but it’s really not any more complicated. Tools like LogMeIn Hamachi can help people connect to your computer even when you can’t mess with your router’s port forwarding.

What that does is set up a “Virtual Private Network” or “VPN”. You’ve probably heard some Youtubers shill for one. It’s a fancy name to say your computer connects to some other computer that agrees “Let’s pretend I’m your router.” Since YOU started this connection to that computer, your real router doesn’t get in the way. So in that situation the way it works is:

1. Your computer asks to open a connection to your VPN service.
2. Your router sees this outgoing request and passes it on.
3. When the VPN service responds your router remembers you asked for this and passes it back to you.
4. You tell someone else the IP address *of the VPN computer*, which is now acting like a second router.
5. They try to connect to the VPN’s IP address and port number.
6. The VPN sends that data to your router.
7. Your router passes it along because you opened this connection yourself.
8. You get the data, and the other person only knows about your VPN’s computer’s IP address.

VPNs can do a lot of other things, like encrypt the traffic so your router can’t snoop on what you’re doing. But for this question what’s important is the way they work is sort of like having a 2nd router “on the other side” of your current router, and that can let you do things your router might not normally let you do.

And to summarize, generally the rule is:

* If you ask an external site for some data, your router will let that data get back to your computer.
* If you did NOT initiate a connection with the external site, your router will block it UNLESS you have used a feature like “port forwarding” to tell the router to let that data through.

There is NOT a standard, easy way for someone to just randomly upload a file to your computer. There are hard, malicious ways to do it, but they *usually* require you to do something silly like install a program that pokes a hole they can slip data through. A long time ago some OSes had VERY very insecure file sharing setups that people could trick into accepting files, and that was also a time when fewer people used routers. So that’s when the scariest stories come from and that’s also part of why it takes a lot of steps to enable public file sharing *and* we still tend to configure routers to prevent it from happening.
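
The router behaviour described in this thread (the NAT translation table from the earlier answer and the port-forwarding rule from this one), as a small Python model. This is an added example, not code from any poster: the `HomeRouter` class, the public addresses (documentation ranges) and every port except 54678 are constructed, and real routers differ in how strictly they match the remote address.

```python
from dataclasses import dataclass, field

@dataclass
class HomeRouter:
    """Simplified NAT router: remembers outbound sessions, drops everything else."""
    public_ip: str
    next_port: int = 40000
    # (public_port, remote_ip, remote_port) -> LAN (ip, port) that opened the session
    sessions: dict = field(default_factory=dict)
    # public_port -> LAN (ip, port): static port-forward rules set by the owner
    forwards: dict = field(default_factory=dict)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection; the router rewrites the source address."""
        pub_port = self.next_port
        self.next_port += 1
        self.sessions[(pub_port, remote_ip, remote_port)] = (lan_ip, lan_port)
        return (self.public_ip, pub_port)

    def add_forward(self, pub_port, lan_ip, lan_port):
        """The deliberate 'hole': unsolicited traffic to pub_port goes to one host."""
        self.forwards[pub_port] = (lan_ip, lan_port)

    def inbound(self, remote_ip, remote_port, pub_port):
        """A packet arrives from the internet; return the LAN target or None (dropped)."""
        session = self.sessions.get((pub_port, remote_ip, remote_port))
        if session:
            return session                    # reply to something a LAN host asked for
        return self.forwards.get(pub_port)    # otherwise only a forward rule lets it in

def demo():
    router = HomeRouter("203.0.113.10")       # constructed public IP
    # 192.168.0.3 requests a page from a web server (constructed address) on port 443
    _, pub_port = router.outbound("192.168.0.3", 51515, "198.51.100.7", 443)
    results = {
        "reply": router.inbound("198.51.100.7", 443, pub_port),
        "stranger_ftp": router.inbound("192.0.2.99", 40001, 21),
        "stranger_reuses_port": router.inbound("192.0.2.99", 443, pub_port),
        "game_before_rule": router.inbound("192.0.2.99", 40001, 54678),
    }
    router.add_forward(54678, "192.168.0.4", 54678)
    results["game_after_rule"] = router.inbound("192.0.2.99", 40001, 54678)
    return results

if __name__ == "__main__":
    for name, target in demo().items():
        print(f"{name:22} -> {target or 'dropped'}")
```

Only the reply to the outbound request and the traffic matching the forward rule reach a LAN host; note that the forward rule admits any remote address, which is why each rule on a router is worth reviewing.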
