What is the difference between a public and private IP address?

All IPv4 IP addresses can be divided into two major groups: global, or public, or external - this group can also be called 'WAN addresses' — those that are used in the Internet, and private, or local, or internal addresses — those that are used in the local network (LAN).
There are also special-use addresses, intended for technical purposes such as protocol functions etc. Normally these re not exposed to a user at all.

Public IP-address

It is public global addresses that are used in the Internet. A public IP address is an IP address that is used to access the Internet. Public (global) IP addresses are routed on the Internet, unlike private addresses. 
The presence of a public IP address on your router or computer will allow you to organize your own server (VPN, FTP, WEB, etc.), remote access to your computer, video surveillance cameras, and access them from anywhere in the global network.
With a public IP address, you can set up any home server to publish it on the Internet: Web (HTTP), VPN (PPTP/IPSec/OpenVPN), media (audio/video), FTP, NAS network drive, game server, etc.

Note: All servers and sites on the Internet use public IP addresses (for example, google.com —, Google's DNS server — 
All of the public IP-addresses in the Internet are unique to their host or server and cannot duplicate assignment.

For home users, the provider can provide only one or more public IP addresses (as a rule, it is a paid service).

The NAT-enabled IPv4 router allows that home network devices will be using one and the same public IP-address that the system has got from a provider on the WAN-interface of the device for the connection to the Internet. It is this external public IP address which can be used to access the home network computer from the Internet as well, but for this purpose it is necessary to set up Port forwarding on your router.

Due to the limited number of public IP addresses and the increasing number of Internet users, ISPs are now more common to use private IP addresses assigned to subscribers.

Private IP-address

Private internal addresses are not routed on the Internet and no traffic cannot be sent to them from the Internet, they only supposed to work within the local network.
Private addresses include IP addresses from the following subnets:

  • Range from to — a network with a or an /8 (8-bit) mask
  • Range from to — a network with a (or a 12-bit) mask
  • A to range, which is a network masked by or /16
  • A special range to with a or /10 network mask; this subnet is recommended according to rfc6598 for use as an address pool for CGN (Carrier-Grade NAT)

Those are reserved IP addresses. These addresses are intended for use in closed local area networks and the allocation of such addresses is not globally controlled by anyone.
Direct access to the Internet using a private IP address is not possible. In this case, the connection to the Internet is via NAT (network address translation replaces the private IP address with a public one). Private IP addresses within the same local network must be unique and cannot be repeated.

Important! If your ISP provides you with an IP address from the list above, you will not be able to set up a connection to your home network computers and servers from the Internet, because private IP addresses are not routed (not accessible) on the Internet. If you need to access your home network computers from the Internet, you must contact your ISP to obtain a public IP address..
However, even with a private IP address, you can set up remote access to the Keenetic's web interface and home network or your router's resources (services) via our domain name service, KeenDNS. This includes, for example, access to a device with a web interface, such as a network drive, webcam, server, or to a control interface of Transmission torrent client that's running on your router.

As far as Internet security is concerned, the use of a private IP address is more secure than the use of a public IP address, as private IP addresses are not directly visible on the Internet and are behind NAT, which also ensures the security of the home network. When using a public IP address, measures are required to provide additional security for the computer or server that are exposing their services to the Internet.

Assignment of IPv4 address blocks for special uses is referenced in RFC6890. The tables in this document include all of the address spaces that are either way reserved and cannot be used globally.

How do I check if ISP assigns me a direct public address?

To check if your IP address is public, you can use myip.com (or any similar service). You will be shown the IP address of the sender of request to the site; and if it matches the IP address that your Internet service provider assigned you (i.e the one that is shown on Dashboard's infopanel), then you are assigned with a public IP address.
For example:


The IP address on the WAN interface of the Keenetic router can be viewed in its web interface. On the Dashboard home page in the Internet info panel, click 'Connection Details'. In the 'IP address' field, you will see the address which is used to access the Internet.


Here, the numbers are the same and it is actually a public address used on the WAN of the router.


Have more questions? Submit a request



Please sign in to leave a comment.