A computer or any device, when connected to a network (LAN), is identified by an IP address assigned by the router.
This address is usually in the form 192.168.X.Y and it is released by the router’s DHCP to identify the various devices connected to it.
However, since the router itself is connected to the Internet network (WAN), and acting as a gateway for routing local requests to the outside (NAT), it too will have an IP address issued by its own telephone operator (ISP).
This IP address is commonly called Public IP (or External IP), because it identifies the first device connected to the local network (i.e. the first to contact to reach your LAN from outside).
Depending on the operator, this IP may be static or dynamic, i.e. it may be fixed at each router connection, or it may change.
Usually ISPs release dynamic public IPs, to avoid identification of users that could lead to attacks.
In this way, every time we turn on the router, it will require a new public IP from the operator (which as said will be different every time).
How you can easily identify the public IP
1. through the router, in the main status page we will see all the current settings, including the provider’s public IP address
2. through the browser,through one of the many dedicated websites, such as: whatismyipaddress.com
3. through bash linux, with the control:
curl ifconfig.me
which seems to me the easiest way to remember, in any case there are also others (in any case we will need curl installed)
curl ipecho.net/plain ; echo curl -s checkip.dyndns.org|sed -e 's/.*Current IP Address: //' -e 's/<.*$//'
4. through windows prompt, with the command:
nslookup myip.opendns.com. resolver1.opendns.com
or through powershell:
Invoke-WebRequest ifconfig.me/ip
What do I need to know my public IP ?
It can be useful in situations where we need to reach a device connected to our LAN (for example: at home) from outside (for example: at work). To do this you will need to set up a port-forwarding in the router, i.e. ‘open’ a certain port on the device’s internal IP.
In this way you just need to type (from anywhere in the world)
IPPublic:PortOpen
to forward the connection request through our router, to the local device.
Dynamic DNS and how it works
As stated before, the public IP almost always changes every time the router is turned on, how do I know each time the IP has been assigned if I’m away from home?
There are DDNS services, i.e. dynamic DNS, that can help you overcome this problem. They also allow you to avoid having to remember the IP address itself (an inconvenient sequence of numbers), in favour of a word of your choice.
There are several, such as noip.com (which is usually supported by almost all routers; in any case, before choosing one service in favour of another, check if it is supported by your router).
After registering with the site, you will need to choose a custom DNS address (i.e. a domain name used to redirect you to your IP).
Example: customddnsname.noip.com
At this point simply configure this DDNS in the appropriate section of the router. The router itself will update the DDNS at every change of the Public IP!
This way, wherever you are in the world, you can access your home network (LAN) simply by typing the following:
ddnsname.noip.com:openport
where in openport you’d find the port previously open on the router, with destination the IP of the device we want to reach.
CAUTION FOR SECURITY!
As we all know, exposing devices to the network without a firewall is never advisable.
Routers usually apply the default firewall precisely to prevent someone from accessing your local devices from the outside.
However, many, many times users do not change the password to access the router itself, making it available to an attacker to access all network settings from the outside.
For this reason, if you configure a DDNS, make sure that your network is well protected (for which one post would not be enough to describe all the steps).
Make sure that your router has a secure password, that it has an active firewall, and perhaps that has access to the network settings from outside (from the WAN) is blocked.