The callback URL needs to be wherever you’ve set up your web server, and needs to be publicly accessible, (it also needs to be HTTPS for EventSub, or any webhook topics that require user scopes).
So you could host the webserver yourself and forward any ports needed to that so you can use your public IP as a callback URL, but honestly the best place to test would be wherever you actually plan to be running your app in production.