Public vs Private IP Addresses: Everything You Need to Know
This guide covers: Public vs Private IP Addresses: Everything You Need to Know.
Every device connected to the internet has an IP address, but did you know there are two distinct types? Understanding the difference between public and private IP addresses is fundamental to comprehending how the internet works and how your home network stays secure.
What is a Public IP Address?
A public IP address is a globally unique identifier assigned to your network by your Internet Service Provider (ISP). Think of it as your home's street address on the internet - it's how the rest of the world finds and communicates with your network.
Key Characteristics of Public IPs
- Globally unique: No two devices on the internet can have the same public IP address at the same time
- Assigned by ISPs: Your Internet Service Provider allocates your public IP from their pool of addresses
- Internet routable: Can be accessed from anywhere on the internet
- Limited supply: IPv4 public addresses are scarce, which drove the development of private IP addresses and NAT
How to Find Your Public IP Address
Finding your public IP address is simple:
- Use our IP Tracker tool on this website
- Search "what is my IP" in any search engine
- Visit websites like ipinfo.io or whatismyip.com
- Check your router's admin panel (WAN/Internet settings)
What is a Private IP Address?
Private IP addresses are used within local networks (like your home or office) to identify individual devices. These addresses are not routable on the public internet - they only work within your local network.
Reserved Private IP Ranges
The Internet Assigned Numbers Authority (IANA) has reserved three blocks of IP addresses specifically for private use:
- Class A: 10.0.0.0 to 10.255.255.255 (10.0.0.0/8) - 16,777,216 addresses for very large networks
- Class B: 172.16.0.0 to 172.31.255.255 (172.16.0.0/12) - 1,048,576 addresses for medium-sized networks
- Class C: 192.168.0.0 to 192.168.255.255 (192.168.0.0/16) - 65,536 addresses for small networks (most home routers use this)
Key Characteristics of Private IPs
- Not globally unique: The same private IP can be used in millions of different networks worldwide
- Assigned by routers: Your router assigns private IPs to devices using DHCP (Dynamic Host Configuration Protocol)
- Not internet routable: Cannot directly communicate with the internet; requires NAT translation
- Unlimited supply: Can be reused in any private network
How to Find Your Private IP Address
Finding your private IP depends on your operating system:
Windows
- Press Windows + R, type
cmd, press Enter - Type
ipconfigand press Enter - Look for "IPv4 Address" under your network adapter
macOS
- Click the Apple menu > System Preferences > Network
- Select your connection (Wi-Fi or Ethernet)
- Your IP address is displayed on the right
Linux
- Open Terminal
- Type
ip addrorhostname -I - Look for the address associated with your network interface
Mobile Devices
- iPhone:Settings > Wi-Fi > tap the (i) next to your network
- Android:Settings > Network & Internet > Wi-Fi > tap your network > Details
How NAT Connects Private Networks to the Internet
Network Address Translation (NAT) is the technology that bridges the gap between private and public IP addresses. It's what allows multiple devices in your home to share a single public IP address.
Glossary: NAT. Related reading: CIDR notation explained.
How NAT Works
- Your device (e.g., laptop with IP 192.168.1.5) sends a request to visit google.com
- The request reaches your router, which notes the internal IP and port
- Your router replaces your private IP with its public IP (e.g., 203.0.113.1) and assigns a unique port number
- The request goes to Google's servers from your public IP
- Google responds to your public IP and port
- Your router receives the response, checks its translation table, and forwards the data to your laptop's private IP
Benefits of NAT
- IP Address Conservation: Millions of devices can share limited public IPv4 addresses
- Built-in Security: External connections cannot directly reach internal devices without port forwarding
- Network Flexibility: Change your internal network structure without affecting your public IP
Public vs Private IP: Side-by-Side Comparison
| Feature | Public IP | Private IP |
|---|---|---|
| Scope | Global (entire internet) | Local (within network only) |
| Uniqueness | Globally unique | Unique only within network |
| Assignment | By ISP | By router (DHCP) |
| Internet Access | Direct | Requires NAT |
| Visibility | Visible to websites | Hidden from internet |
| Example | 203.0.113.45 | 192.168.1.100 |
| Cost | Often additional fees for static | Free |
Static vs Dynamic IP Addresses
Both public and private IPs can be either static or dynamic:
Static IP Addresses
A static IP never changes. It's manually configured and remains constant.
- Use cases: Web servers, email servers, remote access, VPN endpoints, networked printers
- Pros: Reliable for hosting, easy remote access, consistent DNS records
- Cons: Higher cost for public static IPs, requires manual configuration, potential security risk if targeted
Dynamic IP Addresses
A dynamic IP is automatically assigned and may change periodically.
- Use cases: Home internet connections, mobile devices, most personal computers
- Pros: Lower cost, automatic configuration, slight privacy benefit from changing IPs
- Cons: Not suitable for hosting, remote access requires dynamic DNS services
Security Implications
Public IP Security Concerns
Your public IP address can reveal:
- Your approximate geographic location (city level)
- Your ISP
- Your connection type and speed
Malicious actors with your public IP could potentially:
- Attempt to exploit vulnerabilities in your router
- Launch targeted DDoS attacks
- Try to access unsecured services on your network
How Private IPs Enhance Security
Private IP addresses provide a layer of security through obscurity:
- Devices behind NAT cannot be directly addressed from the internet
- Attackers must compromise your router first to reach internal devices
- Internal network structure is hidden from external observation
Best Practices
- Use a VPN: Masks your public IP and encrypts traffic
- Keep router firmware updated: Patches security vulnerabilities
- Use strong router passwords: Prevent unauthorized access to your network
- Disable unused port forwarding: Reduces attack surface
- Enable firewall: Both on your router and devices
IPv4 Exhaustion and the Role of Private IPs
The IPv4 address space provides approximately 4.3 billion unique addresses. With billions of devices connected to the internet, we've essentially run out of public IPv4 addresses.
Private IP addresses and NAT were crucial in extending the life of IPv4 by allowing:
- Multiple devices to share a single public IP
- Organizations to use the same private address ranges internally
- The internet to grow beyond its original address limitations
IPv6, with its vastly larger address space, is designed to eventually eliminate the need for NAT and private addresses, but the transition is gradual and ongoing.
Common Use Cases
Home Network
In a typical home:
- Public IP: Assigned to your router's WAN port by your ISP (e.g., 98.76.54.32)
- Private IPs: Your router assigns to each device - laptop (192.168.1.10), phone (192.168.1.11), smart TV (192.168.1.12)
Business Network
Companies often have more complex setups:
- Multiple public IPs for different services (web server, email, VPN)
- VLANs with different private IP subnets for departments
- DMZ networks for public-facing servers
Cloud and Data Centers
Cloud providers use both extensively:
- Public IPs for load balancers, gateways, and external services
- Private IPs for internal communication between servers
- Elastic IPs that can move between instances
Why every device in your home has a private IP but the world sees one public IP
This is the single most confusing part for newcomers. Your laptop, phone, smart TV, smart speakers, doorbell, and printer each get a unique private IP from your router (192.168.1.10, 192.168.1.11, 192.168.1.12, etc.). But when any of them connects to a website, the website only sees your router's single public IP — not the per-device private addresses.
The router acts as the translator. When your phone requests google.com, the router rewrites the outgoing packet's source from 192.168.1.11:54321 to 203.0.113.45:6234 (your public IP plus a port the router picks). Google replies to that public IP and port. The router checks its NAT table, sees that port 6234 belongs to your phone, and rewrites the destination back to 192.168.1.11:54321. The phone gets the response. Google never sees the private IP.
This is why a single public IP can serve dozens of devices in one home. It also means your ISP cannot tell which specific device made a request from outside the LAN — only the router knows the per-device mapping.
IPv6 does not have "private" addresses the way IPv4 does
The public/private split is mostly an IPv4 concept driven by address exhaustion. IPv6 takes a different approach because there are enough addresses for every device on Earth to have its own globally unique one:
- Global unicast addresses (starting with
2000::/3) are the IPv6 equivalent of public IPv4 — routable on the open internet, assigned by ISPs. - Unique local addresses (ULA) in
fc00::/7are the closest IPv6 has to RFC 1918 private addresses. They are not routed on the public internet but can be used inside organisations. Most home networks do not use ULAs because the ISP already provides a public IPv6 prefix. - Link-local addresses in
fe80::/10are auto-generated on every interface and are used for local network discovery (similar to APIPA in IPv4). They cannot leave the local network segment.
Practical impact: in a dual-stack home network, your laptop often has both a private IPv4 (like 192.168.1.10) and a globally-routable IPv6 (like 2001:db8::abc). The IPv6 is directly reachable from the public internet unless the router's IPv6 firewall blocks inbound traffic — which is why IPv6 firewall configuration matters more than people realise.
The three RFC 1918 private IP ranges
Private IP addresses are not random. They come from three specific ranges defined in RFC 1918, which any network can reuse internally because those addresses are never routed on the public internet:
- 10.0.0.0/8 (10.0.0.0 to 10.255.255.255): 16.7 million addresses. Used by large enterprises, ISPs for internal infrastructure, and Docker/VPN tools that need a large private address space. Cisco Anyconnect, OpenVPN, and WireGuard often default to a 10.x subnet.
- 172.16.0.0/12 (172.16.0.0 to 172.31.255.255): 1 million addresses. Less commonly used in homes but standard for mid-size business networks and AWS/Azure default VPC ranges. Docker defaults its bridge network to 172.17.0.0/16.
- 192.168.0.0/16 (192.168.0.0 to 192.168.255.255): 65,536 addresses. The most common home network range. Default router IPs like 192.168.0.1 and 192.168.1.1 live here. Most consumer routers ship with a 192.168.x.x default DHCP pool.
A small fourth range, 169.254.0.0/16, is the link-local block for APIPA (Automatic Private IP Addressing). If your device gets a 169.254.x.x address, DHCP failed and the OS assigned a fallback. This usually indicates a router or network problem rather than a working private IP.
CGNAT: the in-between range that is neither truly public nor private
There is a fourth address range that confuses many users: 100.64.0.0/10 (100.64.0.0 to 100.127.255.255). Defined in RFC 6598, this is the Shared Address Space used by ISPs for carrier-grade NAT (CGNAT).
If your router's WAN IP is inside 100.64.0.0/10, you do not have a true public IP — your ISP has placed you behind a shared upstream translation layer. This breaks port forwarding, self-hosting, and inbound peer-to-peer connections even though your router thinks it has a "public" WAN address. See port forwarding not working with CGNAT for the diagnosis and workarounds.
How to tell quickly whether your IP is public, private, or CGNAT
Look at the first octet (and sometimes the second) of the IP:
- 10.x.x.x — private (RFC 1918)
- 172.16.x.x through 172.31.x.x — private (RFC 1918)
- 192.168.x.x — private (RFC 1918)
- 100.64.x.x through 100.127.x.x — CGNAT (RFC 6598)
- 169.254.x.x — APIPA link-local (DHCP failed)
- 127.x.x.x — loopback (your own device)
- Anything else within the IPv4 range — almost certainly public-routable
To confirm, compare your router's WAN IP against the public IP shown by an external service like our homepage IP lookup. If they differ, an upstream NAT layer (CGNAT or double NAT) sits between you and the public internet.
Troubleshooting Tips
Can't Connect to the Internet?
- Check if you have a valid private IP (not 169.254.x.x, which indicates DHCP failure)
- Verify your router has a public IP assigned
- Restart your router to get a new DHCP lease
Remote Access Issues?
- Confirm port forwarding is correctly configured
- Check if your ISP uses Carrier-Grade NAT (CGNAT), which can block incoming connections
- Consider using a dynamic DNS service if your public IP changes
Conclusion
Understanding the distinction between public and private IP addresses is essential for anyone managing a network or troubleshooting connectivity issues. Public IPs serve as your network's identity on the internet, while private IPs organize communication within your local network.
Together with NAT, these addressing schemes allow billions of devices to connect to the internet using a limited pool of public addresses, all while providing a basic layer of security that keeps your internal devices hidden from direct external access.
As the internet continues to evolve with IPv6, the relationship between public and private addressing may change, but for now, this dual-IP architecture remains the foundation of how we connect our devices to the world.
