They both are.
Your machine really has only one IP address, but it isn’t necessarily the IP address that’s used to connect to the internet.
The IP address that appears really depends on who’s looking and from where.
Let me explain the who and where that I’m talking about.
Your computer’s IP address
Windows doesn’t come with any great utilities to make finding your computer’s IP address easy. (Before you object, I’m talking about the IP address of your computer. As we’ll see in a moment, that’s not something that you’ll get from a website.)
The simplest explanation is to run a Windows Command Prompt (Start -> All Programs -> Accessories -> Command Prompt, or type the Windows Key +R, type CMD and click OK), and in the Command Prompt window, type ipconfig followed by Enter.
I’ve highlighted the IP address assigned to the computer’s network adapter. This is the computer’s IP address.
Your computer’s internet IP address
Calling something an “internet” IP address feels redundant. IP actually stands for Internet Protocol. As the Internet Protocol is often used even when not directly connected to the internet, it’s not really that silly to talk about an IP address on the internet or it’s internet Internet Protocol address.
There are several sites on the web that you can visit that will tell you your internet IP address. Rather than send you somewhere else, I’ll just tell you: your IP address is 184.108.40.206.
So why is it different than your computer’s IP address?
It’s very likely that all of the computers in your home will show the same internet IP address.
How IP addresses are born
Let’s back up and look at how IP addresses are assigned.
In most cases, internet addresses are assigned dynamically:
In this example, your computer uses a protocol called DHCP (for Dynamic Host Configuration Protocol) to connect to its ISP or network provider. It asks for an IP address and the ISP assigns one. From here, that IP address identifies that computer on the internet. Now, the IP address may change. When the computer connects again, it may be given a different address. That’s why it’s called a “dynamic” IP address.
A static IP address is … well, static. Your computer doesn’t ask the ISP for an IP address. Both the computer and the ISP are configured manually to “know” the IP address from the start and the computer that it refers to:
I’ll now leave static IP assignments behind. Most of the rest of this applies equally well to static and dynamic assignment, except in the details of how the IP addresses are actually assigned. Dynamic is what most situations we’re trying to clarify here involve.
So, let’s insert a router into the mix. It sits between the computer and the internet. When you turn it on or attach it to your ISP’s provided connection, one of the first things that it does is ask for IP address:
Note that the router asked and received an IP address; that now identifies it on the internet.
At some point, you may turn on your computer, which is connected to the router. It must also ask for an IP address:
The computer makes its request of the router this time and receives an IP address back from the router. Note that the “192.168.” address is special. You’ll never see that on the internet. Those are reserved for local networks, like the one we’re building. In fact, if you connect a second computer to your router, you are building a local area network:
Note that the two computers each have a unique IP address assigned from the router.
And the router has its own IP address connecting it to the internet.
Network Address Translation at work
Now, what happens when one of those computers makes a request that accesses the internet? The computers get to the internet through the router, so the first step looks like this:
The router must then pass on that request to the internet:
To the internet, it looks like the router is making the request. Remember, the internet cannot see your internal IP addresses, so the router translates from the internal address (192.168.1.100) to the external (220.127.116.11 in this example). When the response arrives, the same translation happens in reverse:
The router keeps track of which computer on the LAN side that the request belongs to and routes the response appropriately.
That’s what’s called NAT (Network Address Translation). The router manages the IP addresses on a LAN, or Local Area Network, and then translates to the appropriate IP address as connections are made across it.
There are two major reasons why NAT is used, even when only one computer might be connected to a router:
- All of the devices behind the router appear to use exactly one IP address on the internet. You may have heard that the internet is “running out” of IP addresses and this technique was initially developed as a way around that. It’s a way to connect a large number of computers to the internet while using only a single IP address.
- Connections can only be initiated outbound. This means that your computer behind the router can make a connection to a server on the internet, like perhaps http://askleo.com. Once established, that connection can then transfer data in either direction, but it had to be initiated by your computer. A computer out on the internet cannot by default initiate a connection to your machine – there’s simply no protocol to traverse the router in that backwards direction. This is why I so often refer to a NAT router as a firewall, because that’s ultimately what a firewall does as well. It prevents outside computers from randomly connecting to yours.
Even if the first issue weren’t an issue, I’d still recommend using a NAT router as a firewall. It’s that simple and good.
Internet Protocol version 6 is designed to eliminate the problem of running out of IP addresses. Each device on the planet can have its own IPv6 address – they can have several, if that turns out to be useful. There are just that many. (340,282,366,920,938,463,463,374,607,431,768,211,456 theoretically, although I’m sure the practical limit is somewhat less.)
As I mentioned above, even without the need for IP addressing games, Network Address Translation provided by routers turns out to provide such an important security benefit. I don’t see that technique going away any time soon. And it’s certainly still possible do NAT with IPv6.