All IPv4 addresses can be divided into two major groups: global (or public, external) - this group can also be called 'WAN addresses' — those that are used on the Internet, and private (or local, internal) addresses — those that are used in the local network (LAN).
Public IP address
These are public (global) addresses that are used on the Internet. A public IP address is an IP address that is used to access the Internet. Public IP addresses can be routed on the Internet, unlike private addresses.
The presence of a public IP address on your router or computer will allow you to organize your own server (VPN, FTP, WEB, etc.), remote access to your computer, video surveillance cameras, and get access to them from anywhere on the global network.
With a public IP address, you can set up any home server to publish it on the Internet: Web (HTTP), VPN (PPTP/IPSec/OpenVPN, WireGuard), media (audio/video), FTP, NAS, game server, etc.
Note: All servers and sites on the Internet use public IP addresses (for example, google.com — 188.8.131.52, Google's DNS server — 184.108.40.206).
All public IP addresses on the Internet are unique to their host or server and cannot duplicate.
For home users, an ISP can provide one or more public IP addresses (as a rule, it is a paid service).
The NAT-enabled IPv4 router allows home network devices to use one public IP address that it has got from a provider on the WAN interface for the Internet connection. This external public IP address can be used to access home network devices from the Internet as well, but for this purpose, it is necessary to set up Port forwarding on your router.
Due to the limited number of public IP addresses and the increasing number of Internet users, ISPs are now more common to give private IP addresses to subscribers.
Private IP address
Private (internal) addresses are not routed on the Internet, and no traffic can be sent to them from the Internet; they are only supposed to work within the local network.
Private addresses include IP addresses from the following subnets:
- Range from 10.0.0.0 to 10.255.255.255 — a 10.0.0.0 network with a 255.0.0.0 or /8 (an 8-bit) mask
- Range from 172.16.0.0 to 172.31.255.255 — a 172.16.0.0 network with a 255.240.0.0 or /12
- A 192.168.0.0 to 192.168.255.255 range, which is a 192.168.0.0 network masked by 255.255.0.0 or /16
- A special range 100.64.0.0 to 100.127.255.255 with a 255.192.0.0 or /10 network mask; this subnet is recommended according to rfc6598 for use as an address pool for CGN (Carrier-Grade NAT)
Those are reserved IP addresses. These addresses are intended for use in closed local area networks, and no one globally controls the allocation of such addresses.
Direct access to the Internet from a private IP address is not possible. In this case, the connection to the Internet must go through NAT (Network Address Translation replaces the private IP address with a public one). Private IP addresses within the same local network must be unique and cannot duplicate.
NOTE: Important! If your ISP provides you with an IP address from the list above, you will not be able to set up a connection to your home network computers and servers from the Internet, because private IP addresses are not routed (not accessible) on the Internet. If you need to access your home network computers from the Internet, you must contact your ISP to obtain a public IP address.
However, even with a private IP address, you can set up remote access to the Keenetic's web interface and home network or your router's resources (services) via our domain name service, KeenDNS. This includes, for example, access to a device with a web interface, such as a network drive, webcam, server, or to a control interface of the Transmission torrent client that's running on your router.
As far as Internet security is concerned, using a private IP address is more secure than using a public IP address, as private IP addresses are not directly visible on the Internet and are located behind NAT, which also ensures the security of the home network. When using a public IP address, measures are required to provide additional security for the computer or server that are exposing their services to the Internet (e.g. using a firewall to block ports and protocols that are not used by the server; using a DMZ network segment to separate public services from the local network, etc.).
A complete list of network descriptions for IPv4 can be found in RFC6890.
How do I check if an ISP assigns me a public address?
To check if your IP address is public, you can use myip.com (or any similar service). You will be shown the IP address that was used for accessing the site; and if it matches the IP address that your Internet service provider assigned you, then you have a public IP address.
The IP address of the Keenetic's WAN interface is shown in its web interface. On the 'System dashboard' page in the 'Internet' info panel, click 'Connection Details'. In the 'IP address' field, you will see the address which is used to access the Internet.
Here, the addresses are the same, and it is actually a public address used on the WAN of the router.
If you see that the IP addresses do not match and the external WAN IP address of Keenetic in the web interface belongs to one of the private network ranges, then the router has a private IP address.