okay more details:

monowall(soekris) ip: 192.168.1.1
windows workstation: ip 192.168.1.3
linux workstation: 192.168.1.4

they got the ips from dhcp

the windows and linux workstation are connected in a hub. the hub is
connected in one of the 4501 lan interfaces.
all ping work good from windows to mono and linux and so on....
i connect to my service provider with the wan interface from the
soekris with monowall. its an pppoe connection. there are no problems.
on my linux workstation i run a sshd. i use putty from windows to
connect the linux workstation with the ip 192.168.1.4 and port 22.
there are no problems i can login and see my shell. 

so i thought i can connect about the internet to my linux workstation
but i need to test it. i setup a dyndns adress and say monowall
transfer the actually ip adress.
no problem it work good. 
then i use putty to connect this dynamic ip or to the dns adress. its
the same. but i get an connection refused.
occurred to me i must configurate mono that it accept the inbound
connection and the port 22.

i make the follow settings:
i got to nat and confirgure this and set a hook by Auto-add a firewall
rule to permit traffic through this NAT rule.

   If    Proto Ext. port range NAT IP Int. port range Description 
WAN  TCP  22 (SSH)  192.168.1.4  22 (SSH)  ssh2   

in the rules i got this 

Proto Source Port Destination     Port      Description 
TCP      *         *   192.168.1.4  22 (SSH)  NAT ssh2   

i thought it will be work.
maybe i have an understanding problem:

is it possible to use putty and go out in the internet and come back
about the same interface. so i use the isp ip.

windows(putty) ---> mono --> dyndns ---> mono ---> linux

is this possible?