Private vs Public IP Addresses

Understanding the difference between private and public IP addresses, NAT implications, and quick identification methods.

What's the Difference?

Private IP addresses are used within local networks and are not routed on the public internet. Public IP addresses are globally unique and can be reached from anywhere on the internet. The key difference is reachability: private IPs are only reachable within their local network, while public IPs are reachable from anywhere on the internet.

Private IP Address Ranges (RFC 1918)

10.0.0.0/8 - Class A private range
Full Range: 10.0.0.0 to 10.255.255.255
Total Addresses: 16,777,216 addresses
Common Use: Large enterprises, ISP internal networks
Examples:
10.0.0.110.1.1.110.200.50.100
172.16.0.0/12 - Class B private range
Full Range: 172.16.0.0 to 172.31.255.255
Total Addresses: 1,048,576 addresses
Common Use: Medium businesses, cloud providers
Examples:
172.16.0.1172.20.1.1172.31.255.254
192.168.0.0/16 - Class C private range
Full Range: 192.168.0.0 to 192.168.255.255
Total Addresses: 65,536 addresses
Common Use: Home networks, small offices
Examples:
192.168.1.1192.168.0.100192.168.100.50

Public IP Addresses

All IP addresses not in private, reserved, or special-use ranges

Characteristics

  • Globally unique and routable on the internet
  • Assigned by Regional Internet Registries (RIRs)
  • Can be reached from anywhere on the internet
  • Cost money to obtain and maintain
  • Limited supply (IPv4 exhaustion)

Examples

Public IPOwner/Service
8.8.8.8Google Public DNS
1.1.1.1Cloudflare DNS
13.107.42.14Microsoft services
151.101.193.140Reddit

NAT (Network Address Translation) Implications

Private Networks Accessing Internet
Private addresses must be translated to public addresses to reach the internet

Process:

  1. Device with private IP (192.168.1.100) wants to access internet
  2. Router/NAT device translates to public IP (203.0.113.50)
  3. Internet sees traffic from public IP, not private IP
  4. Return traffic is translated back to private IP

Benefits:

  • Allows many devices to share one public IP
  • Provides security through address hiding
  • Conserves public IP addresses
  • Enables local network management
Internet Accessing Private Networks
Direct access from internet to private IPs requires special configuration

Challenges:

  • Private IPs are not routed on internet
  • NAT blocks unsolicited inbound connections
  • Port forwarding needed for specific services
  • VPN required for general access

Solutions:

  • Port forwarding for specific services
  • VPN for secure remote access
  • DMZ for less secure but simple access
  • Reverse proxy for web services

Quick Identification Methods

MethodDescriptionPrivate IndicatorPublic Indicator
IP Range CheckLook at first octets of IP address10.x.x.x, 172.16-31.x.x, 192.168.x.xAny other address not in reserved ranges
Reachability TestTry to reach from external networkCannot be reached from internetCan be reached from internet (if not firewalled)
Router ConfigurationCheck WAN vs LAN interface addressesLAN interfaces use private addressesWAN interface uses public address (unless CGNAT)

Useful Tools

whatismyipaddress.com
Shows your public IP as seen by internet
ipconfig / ifconfig
Shows local IP addresses on your device
Router admin page
Shows WAN (public) and LAN (private) IPs
traceroute
Shows path including public/private hops

Common Network Scenarios

Home Network
Setup: Router gets public IP from ISP, creates private network inside
Private IPs: Devices use 192.168.1.x addresses
Public IP: Router WAN interface gets ISP-assigned public IP
NAT Behavior: All devices share the one public IP through NAT
Office Network
Setup: Firewall/router creates private network for employee devices
Private IPs: Computers use 10.x.x.x or 172.16.x.x addresses
Public IP: Multiple public IPs for different services
NAT Behavior: Outbound NAT for internet access, port forwarding for servers
Cloud Infrastructure
Setup: Virtual machines in private subnets with NAT gateway
Private IPs: VMs use 10.x.x.x addresses within VPC
Public IP: Elastic/floating IPs assigned as needed
NAT Behavior: NAT gateway for outbound, load balancers for inbound
CGNAT Environment
Setup: ISP uses CGNAT, customers get private IPs
Private IPs: Home router gets 100.64.x.x address (CGNAT range)
Public IP: Shared among multiple customers
NAT Behavior: Double NAT - home NAT + ISP CGNAT

Troubleshooting Common Issues

Can't Access Server from Internet

Possible Causes: Server has private IP, No port forwarding, Firewall blocking

Diagnosis: Check if server IP is private, test port forwarding

Solution: Configure port forwarding or use public IP

Two Networks Can't Communicate

Possible Causes: Both using same private range, No routing configured

Diagnosis: Check for IP address conflicts, routing tables

Solution: Use different private ranges or configure routing

VPN Not Working

Possible Causes: Private IP conflicts, NAT traversal issues

Diagnosis: Check for address space overlap

Solution: Reconfigure IP ranges or use different VPN protocol

Security Considerations

Private Network Security
  • Private IPs provide security through obscurity
  • Still need internal security measures
  • Lateral movement possible within private networks
  • Monitor internal network traffic
Public IP Security
  • Public IPs are constantly scanned and attacked
  • Require robust firewall and security measures
  • DDoS protection may be necessary
  • Regular security updates and monitoring essential

Best Practices

  • Use private IPs for internal networks
  • Reserve public IPs for internet-facing services only
  • Plan private IP ranges to avoid conflicts
  • Document your IP addressing scheme
  • Use DHCP for dynamic private IP assignment
  • Implement proper firewall rules for public IPs
  • Monitor public IP usage and costs

Quick Reference

Private IP Ranges
10.0.0.0/8 (10.0.0.0 - 10.255.255.255)
172.16.0.0/12 (172.16.0.0 - 172.31.255.255)
192.168.0.0/16 (192.168.0.0 - 192.168.255.255)
Identification Tips
If it starts with 10, 172.16-31, or 192.168 = private
If reachable from internet without NAT = public
Check your router - WAN IP is public, LAN IPs are private
Use online tools to see your public IP
Key Rule
If an IP starts with 10, 172.16-31, or 192.168, it's private. Everything else (except other reserved ranges) is public. Private IPs need NAT to reach the internet.