Home Network Tools Guide

Is my IP address public or private?

Every device on a home network has a private IP that's hidden from the internet, and shares one public IP with everyone else in the house. Here's how to tell which is which.

· 6 min read

Open the network settings on your laptop and you'll probably see 192.168.1.42 or something close to it. Open this site's what-is-my-ip page on the same laptop and you'll see something completely different — say 82.34.56.78. Both are real. Both belong to you. They're answering different questions.

The first one is what your laptop calls itself inside your house. The second is what the rest of the internet sees when your laptop talks to it. The reason they don't match is the reason home networks work the way they do.

What "private" actually means

In 1996, RFC 1918 set aside three address ranges as private. Anyone can use them; nobody owns them; they don't route on the public internet. Pick any of these and you can build a network without coordinating with anyone:

  • 10.0.0.0/8 — roughly 16 million addresses, favoured by larger corporate networks.
  • 172.16.0.0/12 — about a million, the least-used of the three.
  • 192.168.0.0/16 — about 65,000, the default on virtually every home router shipped in the last twenty years.

IPv6 has a similar carve-out at fc00::/7, the unique-local range. It's used less than v4 private addresses because IPv6 networks usually have enough public addresses to skip private ones entirely.

A private IP can only talk to other devices on the same private network. If you typed 192.168.1.42 into a browser from a different network, the request would either go nowhere or hit some entirely unrelated device that happens to share the same address on its own private network. The ranges are reused millions of times across the world.

NAT — the bridge between private and public

Your home router has two faces. One faces the inside of your house and runs on a private address — typically 192.168.1.1 or 10.0.0.1. The other faces the internet and runs on a single public address that the ISP gave you, often re-issued every few weeks.

Network Address Translation (NAT) is what stitches the two together. When your laptop opens a connection to a website, the request goes through the router. The router rewrites the source: it replaces your laptop's private address with its own public one, picks a port number to keep track of the conversation, and remembers the mapping. When the reply comes back to that port, the router rewrites the destination back to your laptop's private address and forwards it on.

From the website's point of view, every device in your house looks like the same one — they all share the router's public IP. From your laptop's point of view, it's talking directly to the website on its private address; the NAT layer is invisible.

This is the trick that bought IPv4 an extra twenty years past the date it was supposed to run out of addresses. A household of six devices needs one public address instead of six. An office of three hundred needs one instead of three hundred. The shortage moved from "crisis" to "manageable" the moment NAT became the default in consumer routers in the mid-1990s.

How to tell which is which

The rule is mechanical. If the address falls inside one of the RFC 1918 ranges, it's private. If it doesn't, it's (probably) public.

  • Starts with 10. — private.
  • Starts with 192.168. — private.
  • Starts with 172. and the second octet is 16 to 31 — private. (172.15.x and 172.32.x are public.)
  • Anything else — public, with a handful of exceptions for loopback (127.x), link-local (169.254.x), and multicast.

On Windows, ipconfig in a Command Prompt shows the address your machine is using. On macOS and Linux, ifconfig or ip addr does the same. On a phone, the Wi-Fi settings show it once you tap the network you're connected to.

The what-is-my-ip page on this site does the other half: it reports the public address that the wider internet sees for your connection. If your local address is private and the page reports a different address, NAT is doing its job. If they match, you're directly connected without NAT — rare on home networks, more common on cloud servers and university hostels.

Special cases

Carrier-grade NAT. Some ISPs, particularly mobile networks and some fibre providers, don't give each customer a unique public IP. They put your router behind another router (and another NAT) that's shared between hundreds or thousands of subscribers. From your laptop's point of view, the router's WAN-side address looks public — it might be a 100.64.x.x address, which is a fourth private range carved out specifically for CGNAT — but the address the public internet actually sees is different again. This is why some people see 100.x.x.x on their router status page and think it's a bug. It isn't, but it does mean port forwarding from outside the house is impossible without your ISP's cooperation.

VPNs. When you turn on a VPN, the public address that the wider internet sees becomes the VPN provider's exit IP. Your private LAN addresses don't change. The what-is-my-ip page will report the VPN's address; ipconfig will still show your local one.

Direct public assignment. A small number of business broadband packages still give customers an actual block of public IPs, with no NAT in the middle. Your device sits directly on the public internet with its own routable address. Cheaper than it used to be, more useful if you self-host, and the answer to why someone occasionally sees their machine's local IP match the one this site reports.

Why this matters

The distinction is invisible until it isn't. Then it's the whole problem:

  • Port forwarding. Opening a port happens on the router's public IP, but the traffic gets forwarded to a device on its private one. If you don't know which is which, the rule won't work.
  • Geolocation. Anything that tries to guess where you are uses your public IP. The private one is meaningless globally.
  • Firewall rules. A rule that blocks 192.168.1.0/24 is meaningless on the public internet. A rule that blocks a specific public range doesn't catch your home network unless you specifically list its public IP.
  • Remote access. Connecting to a home machine from outside the house requires the public IP plus a forwarded port (or a tunnel like Tailscale that hides the whole problem).

Practical takeaways

  • Run what-is-my-ip to see the public IP your connection presents. If your machine's local address looks different, NAT is between them.
  • Check ipconfig on Windows, ifconfig or ip addr on Mac/Linux, or your phone's Wi-Fi settings for the private one.
  • If the two addresses match, you're directly connected without a NAT layer. On home networks this is rare; on a cloud VM or hosted server it's the norm.

Related reading

The what-your-IP-reveals guide covers what a public IP does and doesn't tell about you — geolocation accuracy, ISP attribution, the rest. The IPv4 vs IPv6 guide covers why home networks have both an IPv4 NAT setup and (often) a NAT-free IPv6 setup running side by side. The what-is-my-ip and DNS lookup tools cover the two practical halves of the question.

Tools mentioned in this guide

Bryan McGuire

About Bryan McGuire

Founder of AI-Regenesis Ltd. Two decades building web tools. Writes ToolPage's guides because he wanted the answers when he first hit these problems.

More by Bryan ›