IP Addresses (Public and Private), Ports, Port Forwarding, NAT (Network Address Translation)

---

IP Addresses: Your Network Identity

An IP address is like a postal address for computers - it tells the network where to send data.

---

IPv4 vs IPv6

IPv4 (most common today):

• Format: Four numbers (0-255) separated by dots

• Example: 192.168.1.100

• Total addresses: ~4.3 billion (2³² addresses)

• Problem: We ran out! That's why we need NAT and IPv6

IPv6 (the future):

• Format: Eight groups of hexadecimal numbers

• Example: 2001:0db8:85a3:0000:0000:8a2e:0370:7334

• Can be shortened: 2001:db8:85a3::8a2e:370:7334

• Total addresses: 340 undecillion (2¹²⁸ - basically unlimited)

• Still being rolled out globally

Private IP Addresses

Private IPs are reserved address ranges that can be used internally in networks but are NOT routable on the public internet.

The Three Private IP Ranges (IPv4):

Class A: 10.0.0.0 to 10.255.255.255

• Subnet mask: 255.0.0.0 or /8

• ~16 million addresses

• Used by: Large corporate networks

Class B: 172.16.0.0 to 172.31.255.255

• Subnet mask: 255.240.0.0 or /12

• ~1 million addresses

• Used by: Medium-sized networks

Class C: 192.168.0.0 to 192.168.255.255

• Subnet mask: 255.255.0.0 or /16

• ~65,000 addresses

• Most common for home networks!

• Your router probably uses: 192.168.1.1 or 192.168.0.1

Special IP Addresses:

• 127.0.0.1 - Localhost (your own computer, loopback)

• 0.0.0.0 - Any address (used in server binding)

• 255.255.255.255 - Broadcast address

• 169.254.x.x - APIPA (automatic when DHCP fails)

---

Public IP Addresses

Public IPs are globally unique addresses that can be reached from anywhere on the internet.

Characteristics:

• Assigned by your ISP (Internet Service Provider)

• Costs money (though residential customers get one included)

• Globally routable

• Can be static (doesn't change) or dynamic (changes periodically)

Examples of public IPs:

• Google DNS: 8.8.8.8

• Cloudflare DNS: 1.1.1.1

• Your home network: Check with curl ifconfig.me

---

NAT: The Magic Bridge

NAT (Network Address Translation) is how your router allows multiple devices with private IPs to share one public IP.

Ports: The Apartment Numbers

If an IP address is like a building address, then ports are like apartment numbers. They identify which specific service or application should receive the data.

Port Number Range

• 0-65535 total ports available

• Ports are 16-bit numbers (2¹⁶ = 65,536)

Port Categories

Well-Known Ports (0-1023):

• Reserved for system/standard services

• Require administrator privileges to use

• Standardized by IANA (Internet Assigned Numbers Authority)

Registered Ports (1024-49151):

• Used by software applications

• Can be registered with IANA but not required

Dynamic/Private Ports (49152-65535):

• Used for temporary/ephemeral connections

• Your computer randomly picks from these for outgoing connections

---

Common Port Numbers and Conventions

Here's a comprehensive list of important ports you as a reference:

Web and HTTP

Port	Protocol	Description
80	HTTP	Unencrypted web traffic
443	HTTPS	Encrypted web traffic (SSL/TLS)
8080	HTTP-Alt	Alternative HTTP (testing, proxies)
8443	HTTPS-Alt	Alternative HTTPS
3000	Development	Node.js, React dev servers
8000	Development	Python SimpleHTTPServer, Django

File Transfer

Port	Protocol	Description
20	FTP Data	FTP data transfer
21	FTP Control	FTP commands
22	SSH/SFTP	Secure Shell and secure file transfer
69	TFTP	Trivial FTP (simplified)
989/990	FTPS	FTP over SSL/TLS

Email

Port	Protocol	Description
25	SMTP	Sending email (server-to-server)
110	POP3	Retrieving email (download)
143	IMAP	Retrieving email (sync)
465	SMTPS	SMTP over SSL (legacy)
587	SMTP	Modern email submission (with STARTTLS)
993	IMAPS	IMAP over SSL/TLS
995	POP3S	POP3 over SSL/TLS

Databases

Port	Protocol	Description
3306	MySQL	MySQL/MariaDB database
5432	PostgreSQL	PostgreSQL database
27017	MongoDB	MongoDB database
6379	Redis	Redis cache/database
1433	MSSQL	Microsoft SQL Server
5984	CouchDB	CouchDB database

Network Services

Port	Protocol	Description
53	DNS	Domain Name System
67/68	DHCP	Dynamic IP assignment
123	NTP	Network Time Protocol
161/162	SNMP	Network monitoring
514	Syslog	System logging

Remote Access

Port	Protocol	Description
22	SSH	Secure Shell
23	Telnet	Unencrypted remote access (obsolete)
3389	RDP	Remote Desktop Protocol (Windows)
5900	VNC	Virtual Network Computing

Messaging and Communication

Port	Protocol	Description
1194	OpenVPN	VPN
5060/5061	SIP	Voice over IP signaling
6667	IRC	Internet Relay Chat
5222	XMPP	Jabber/XMPP messaging

Application Servers

Port	Protocol	Description
8080	Tomcat	Java application server
9000	PHP-FPM	PHP FastCGI
5000	Flask	Python Flask default
4000	Jekyll	Static site generator

---

Port Forwarding: Opening the Door

Port forwarding (also called port mapping) tells your router to forward incoming traffic on a specific port to a specific device on your private network.

Why You Need Port Forwarding

Remember: NAT blocks incoming connections from the internet. Port forwarding creates an exception.

Use cases:

• Hosting a web server at home

• Running a game server

• Remote desktop access

• Security cameras

• File servers

• BitTorrent

• Self-hosted applications## Setting Up Port Forwarding (General Steps)

1. Find Your Router's IP

# On Linux/Mac
ip route | grep default
# or
netstat -rn | grep default

# On Windows
ipconfig | findstr "Default Gateway"

# Usually: 192.168.1.1 or 192.168.0.1

2. Find Your Device's Private IP

# On Linux
ip addr show

# On Mac
ifconfig | grep "inet "

# On Windows
ipconfig

3. Access Router Admin Panel

# Open in browser:
http://192.168.1.1

# Common login credentials (check your router label!):
# Username: admin, Password: admin
# Username: admin, Password: password
# Or whatever you set it to

4. Configure Port Forwarding

Look for sections named:

• "Port Forwarding"

• "Virtual Servers"

• "NAT"

• "Applications and Gaming"

Example configuration:

Service Name: Web Server
External Port: 8080
Internal IP: 192.168.1.100
Internal Port: 8080
Protocol: TCP

5. Test Your Configuration

# From inside your network
curl http://localhost:8080

# From outside (use your public IP)
curl http://YOUR_PUBLIC_IP:8080

# Check if port is open (from outside)
telnet YOUR_PUBLIC_IP 8080
# or
nc -zv YOUR_PUBLIC_IP 8080

Port Forwarding Security Considerations

Risks:

• Exposes your device directly to the internet

• Vulnerable to attacks if service has security flaws

• Can be exploited if not properly secured

Best practices:

1. Only forward necessary ports

2. Use non-standard ports (e.g., SSH on 2222 instead of 22)

3. Keep software updated

4. Use strong authentication

5. Consider VPN instead for remote access

6. Monitor logs for suspicious activity

7. Use firewall rules on the device itself

Common Port Forwarding Scenarios

Home Web Server

External: 80 → Internal: 192.168.1.100:80 (HTTP)
External: 443 → Internal: 192.168.1.100:443 (HTTPS)

Game Server (e.g., Minecraft)

External: 25565 → Internal: 192.168.1.105:25565 (TCP)

Remote Desktop

External: 3389 → Internal: 192.168.1.102:3389 (RDP)
# Better: Use non-standard port
External: 33890 → Internal: 192.168.1.102:3389 (RDP)

Security Cameras

External: 8000 → Internal: 192.168.1.110:80
External: 8001 → Internal: 192.168.1.111:80

---

Dynamic DNS (DDNS)

Problem: Most home ISPs give you a dynamic public IP that changes periodically.

Solution: DDNS services give you a domain name that automatically updates to your current IP.

Popular DDNS providers:

• No-IP

• DuckDNS (free)

• Dynu

• FreeDNS

Example:

Your changing IP: 203.0.113.45 (today), 203.0.115.22 (tomorrow)
Your DDNS domain: myhouse.duckdns.org
→ Always points to your current IP!

---

Checking Your IP Addresses (Bash Commands)

# Check your private IP
hostname -I
# or
ip addr show | grep "inet "

# Check your public IP
curl ifconfig.me
# or
curl ipinfo.io/ip
# or
curl icanhazip.com
# or
dig +short myip.opendns.com @resolver1.opendns.com

# Check all your network info
ip addr show

# See detailed info including public IP
curl ipinfo.io
# Returns JSON with IP, city, region, country, ISP, etc.

# Check if a port is open on your public IP (from inside)
nc -zv YOUR_PUBLIC_IP PORT_NUMBER

# Better: Use external port checker
curl "https://portchecker.co/check?domain=YOUR_PUBLIC_IP&port=8080"

UPnP: Automatic Port Forwarding

UPnP (Universal Plug and Play) allows applications to automatically configure port forwarding.

How it works:

• Application asks router: "Please forward port 12345 to me"

• Router automatically creates the rule

• Used by: games, torrent clients, streaming apps

Security concern: Can be exploited by malware to open ports

Recommendation: Disable UPnP and manually configure port forwarding for better security

---

IPv6 and the Future

With IPv6, every device can have its own public IP address - no more NAT needed!

Benefits:

• No port forwarding necessary

• Direct device-to-device communication

• Simpler network architecture

Current reality:

• IPv6 adoption is growing but still incomplete

• Most home networks still use IPv4 with NAT

• Dual-stack (both IPv4 and IPv6) is common

---

Key Takeaways

Private IPs (192.168.x.x, 10.x.x.x, 172.16.x.x) are for internal networks only.

Public IPs are globally unique and routable on the internet.

NAT allows many private devices to share one public IP.

Ports identify which application gets the data (like apartment numbers).

Port forwarding punches a hole through NAT to allow incoming connections from the internet to a specific internal device.

Security matters: Only forward ports you need, use strong authentication, and keep systems updated.

Understanding IP addresses, ports, and port forwarding is essential for hosting services, gaming, remote access, and really understanding how your home network connects to the internet!

---

---

Explainer video

---