My IP Help

Private IP

Also known as: Private IP address, Internal IP, RFC 1918 address

An IP address from one of the reserved ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) that is used inside a local network and is not routed on the public internet.

Last updated:

What is a private IP?

A private IP address is an IP address that is reserved for use inside local networks and is never announced or routed on the public internet. If you try to send a packet with a private source or destination across the internet backbone, every well-configured router will drop it. Private addressing exists because IPv4's 4.3 billion addresses were never enough to give every device a public IP — NAT and private ranges solve that.

The RFC 1918 ranges (IPv4)

RFC 1918 reserves three IPv4 ranges for private use:

| Range | Prefix | Total addresses | Common use | |--------------------|--------|-------------------|------------| | 10.0.0.0/8 | /8 | 16,777,216 | Large enterprises, datacenters | | 172.16.0.0/12 | /12 | 1,048,576 | Medium networks, Docker default | | 192.168.0.0/16 | /16 | 65,536 | Home routers, small offices |

Your home router almost certainly hands out addresses like 192.168.1.100 or 192.168.0.42. Corporate networks more commonly use 10.x.x.x. A few other ranges are also non-routable:

  • 127.0.0.0/8 — loopback (your own machine only)
  • 169.254.0.0/16 — link-local (auto-configured when DHCP fails)
  • 100.64.0.0/10 — shared address space for CGNAT

How private IPs reach the internet

Devices with private IPs rely on NAT to reach the public internet. The NAT router rewrites the source address on outbound packets to its own public IP, records the mapping, and reverses the rewrite on replies. This is why hundreds of devices on a home Wi-Fi network can all browse the web through a single public IP.

IPv6 and private addressing

IPv6 deprecates most of the reasons for private addressing — there are enough globally unique addresses for every device. IPv6 still provides Unique Local Addresses (ULA) in the fc00::/7 range for use cases that genuinely need non-routable addressing (isolated labs, VPN overlays), but most IPv6-enabled home networks assign globally unique addresses to every device.

Check your device's private IP with ipconfig on Windows or ifconfig/ip addr on macOS/Linux. Check your public IP with our IP lookup tool.

Frequently Asked Questions

A private IP comes from one of the reserved ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) and only works inside a local network — internet routers will not forward it. A public IP is globally unique and routable, so any other internet host can reach it (subject to firewalls). Devices on a home network use private IPs internally and share a single public IP via NAT to reach the outside world.
Because `192.168.0.0/16` is one of three IPv4 ranges RFC 1918 reserved for private use, and most consumer router vendors default to this range (specifically `192.168.0.0/24` or `192.168.1.0/24`). The choice is convention, not requirement — you could reconfigure the router to use any of the three RFC 1918 ranges. Corporate networks more commonly use `10.x.x.x` because it has more available addresses. Docker, by default, uses `172.17.0.0/16` from the third range.
No — every well-configured router on the public internet drops packets with an RFC 1918 source or destination address. That is the entire point of "private" — these addresses are not announced in the global routing table. To reach a service on a private IP from outside, you need port forwarding on the NAT router, a VPN tunnel into the private network, or a reverse-tunnel service like Tailscale, Cloudflare Tunnel, or ngrok.
The ranges are the same, but the specific assignments are not coordinated — any number of separate networks can independently use `192.168.1.5`. This is harmless because private IPs never cross the internet. It does cause complications when two private networks try to merge (corporate VPNs, mergers, federated lab environments) and discover overlapping subnets — usually resolved by re-numbering one side or using NAT between the two networks.
Yes — Unique Local Addresses (ULAs) in the `fc00::/7` range, defined in RFC 4193. They serve a similar purpose: addresses that are guaranteed not to be routed on the public internet. But because IPv6 has enough addresses for every device to have a unique global address, ULAs are far less commonly used than IPv4's RFC 1918 ranges. Most IPv6-enabled home networks just assign globally routable addresses to every device and rely on a stateful firewall instead of NAT.
Back to glossary