IP addresses versus IP addresses.
They both are.
Your machine has one IP address, but it isn’t necessarily the IP address that is used to connect to the internet.
The IP address that appears depends on who’s looking and from where.
Two IP addresses
When you check your computer’s IP address, you’ll see a local number, like 192.168.1.100. But websites see your router’s address. Your router acts as a middleman, swapping addresses back and forth using a process called NAT. Both addresses are real and correct!
Your computer’s IP address
Windows doesn’t come with any great utilities to make finding your computer’s IP address easy. (Before you object, I’m talking about the IP address of your computer. As we’ll see in a moment, that’s not something you’ll get from a website.)
The simplest way to find the IP address of your computer is by running a Windows Command Prompt. In the Command Prompt window, type ipconfig followed by Enter.
I’ve highlighted the IP address assigned to the computer’s network adapter. This is the computer’s IP address.
Your computer’s internet IP address
Calling something an internet IP address feels redundant, as IP stands for Internet Protocol. As the Internet Protocol is often used even when not directly connected to the internet, it’s not really that silly to talk about an IP address on the internet, or its internet Internet Protocol address.
There are several sites on the web you can visit to learn your internet IP address. For example, here’s mine, via whatismyipaddress.com.
So why is your internet IP address different than your computer’s IP address?
How IP addresses are born
Let’s back up and look at how IP addresses are assigned.
In most cases, internet addresses are assigned dynamically.
In this example, your computer uses a protocol called DHCP (for Dynamic Host Configuration Protocol) to connect to its ISP or network provider. It asks for an IP address, and the ISP assigns one. From here, that IP address identifies that computer on the internet. The IP address may change: each time the computer connects, it may be given a different IP address. That’s why it’s called a dynamic IP address.
A static IP address is, well, static; unchanging. Your computer doesn’t ask your ISP for an IP address. Both the computer and the ISP are pre-configured manually to “know” the IP address from the start and the computer that it refers to:
Most of the rest of this article applies equally well to static and dynamic assignment, except in the details of how the IP addresses are actually assigned. Dynamic is most common and is almost certainly what you’re using.
Let’s insert a router into the mix. It sits between the computer and the internet. When you turn it on or attach it to your ISP’s provided connection, one of the first things it does is ask for an IP address.
Note that the router asked and received an IP address. That address identifies it — the router — on the internet.
At some point, you turn on your computer, which is connected to the router. It must also ask for an IP address.
The computer makes its request of the router this time and receives an IP address back from the router. Note that the “192.168.” address is special. You’ll never see IP addresses beginning with 192.168. (or 10., or 172.16. through 172.31.) on the internet. Those are reserved specifically for use by local networks.
If you connect a second computer to your router, you are building a local area network, or LAN.
Note that the two computers each get a unique IP address assigned by the router.
And the router has its own IP address that connects it to the internet.
Network Address Translation (NAT) at work
Now, what happens when one of those computers makes a request that accesses something on the internet? The computers get to the internet through the router, so the first step looks like this.
The router then passes that request to the internet via your ISP.
To the internet, it looks like the router is making the request. Remember, the internet cannot see your internal IP address, so the router translates from the internal address (192.168.1.100) to the external (1.2.3.4 in this example). When the response arrives, the same translation happens in reverse.
The router keeps track of which computer on the Local Area Network (LAN) side the request belongs to and routes the response appropriately.
That’s what’s called NAT (Network Address Translation). The router manages the IP addresses on a LAN, or Local Area Network, and then translates to the appropriate IP address as connections are made across it to the internet.
Why NAT?
There are two major reasons why NAT is used even when only one computer is connected to a router.
- All of the devices behind the router appear to use exactly one IP address on the internet. You may have heard that the internet is “running out” of IP addresses, and this technique was initially developed as a way around that. It’s a way to connect a large number of computers to the internet while using only a single internet IP address.
- Connections can only be initiated outbound. This turns your router into a powerful firewall. The computer behind the router can make a connection to a server on the internet, like perhaps https://askleo.com. Once established, that connection can then transfer data in either direction, but it had to be initiated by your computer. A computer out on the internet cannot initiate a connection to your machine. There’s no protocol to traverse the router in the reverse direction. Your router prevents outside computers from randomly connecting to yours.
Even if the first issue weren’t an issue, I’d still recommend using a NAT router as a firewall. It’s that simple and good.
Do this
Your computer can appear to have two IP addresses:
- The local IP address assigned to it by your router.
- The internet IP address of your router. This is the IP address visible to the connections you make to sites and services on the internet.
They both have important roles to play.
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
Just a friendly heads up: NAT doesn’t prevent unsolicited traffic from reaching your LAN. The best way to block this traffic is with a stateful firewalls.
That said, it’s true that NAT sorta prevents all the random bots on the Internet from reaching your LAN at home. This is the case because the bots don’t have a way of directly addressing the computers on your LAN (using IPv4). However, a stateful firewall does a better job at addressing this issue.
Consider this: suppose you had a router that does source NAT but it also has no firewall (it just forwards everything). Now consider what would happen if an unsolicited packet addressed to “192.168.1.100” reached the WAN interface of this router. In this case, the router would forward the packet. Thus, unsolicited traffic from the WAN would reach the LAN. (This problem actually shows up when you connect one router’s WAN to an upstream router’s LAN; if you want to block unsolicited traffic then a stateful firewall is your one and only option in this case )
By the way, with IPv6 we don’t use NAT, but we still use stateful firewalls. Thus with IPv6 we still block all those random bots from reaching our home LAN.
Computer networking is a hobby of mine but I’m still a fan of this website and youtube channel.
That’s true — NAT by itself doesn’t block unsolicited traffic. But all or almost all consumer NAT routers also include a stateful firewall that’s enabled by default. It’s the firewall, not the NAT, that actually blocks inbound unsolicited packets. Because the two just happen to be bundled together in a home router, people often conflate them and assume a NAT router is also a firewall because in commercial router, they are bundled as one.
Actually your router has two IP addresses, one for your home Network, and another for the Internet. Your router,s local Network IP address is listed as the Gateway address when you run ipconfig (or similar), but the rest of what Leo says is correct. Additionally, the best router-firewalls are routers that are configured to ignore incoming connection requests on all ports. As I understand it, a port is a mechanism used to facilitate the connection between your web browser with an Internet server such as askleo.com’s IP address. Essentially, what happens is that your web browser sends a connection request to askleo.com, and the server on askleo.com negotiates the terms of the connection with your web browser so data can be transferred in both directions. Since your router only ignores incoming connection requests, it will cheerfully pass any and all incoming data packets to your web browser, provided they’re correctly targeted as negotiated when the connection was established. The fact that your router ignores all incoming connection requests effectively makes it and any computers on your home Network (LAN) invisible to any bad guy’s scanning for a connection response/ping. All this is based on the use of the IPv4 protocol. I don’t know enough about IPv6 yet to understand how the firewall works, other than that it will still ignore any incoming connection requests, thusly preventing them from reaching your computer or web browser.
I hope I’ve made all this clear and easy to understand, and if I have anything wrong here, please respond so I can learn! 🙂
Ernie