It's possible but depends on many variables.is it possible to scan PC's behind a NAT router or firewall from internet
- Does the router or firewall forward any ports to internal clients?
- Is the firewall stateful?
These are just 2 off the top of my head.
If I were you, I would investigate how to use hping, tcptraceroute, udp tracerouting, and also some of the more advanced features of nmap.
Try googling for a technique known as "Firewalking". It is a bit old, but the paper provides a decent overview of how to deduce ACL's and firewall rules using various tracerouting techniques.