omatai

Reputation: 3728

Why is my public IP address not unique (and what do I do about it)?

I have an application that runs on "remote" machines that I would like to enhance with a web server module so that I can use an ordinary web browser to get information about the application state. I will be using Poco Libraries, not that it matters much.

Step 1: add a server module to serve up "Hello World!" locally -- done, easy.

Step 2: find my "local" machine's public IP address, e.g. by going to here, and then use some externally-routed web-browser (e.g. on my phone) to simulate a "remote" connection to my "Hello World!" responder -- fail.

Every machine in my office that I have tested shares the same public IP address... despite many webpages discussing public IP addresses describing them as unique. Why are they not unique?

Having heard of Network Address Translation, I'm guessing something along those lines must be occurring (maybe Port Forwarding?)... but even though that might answer the initial question, what is the practical programmer's answer to "now that I understand public IP addresses may not be unique, how can I uniquely identify a particular machine at a remote site when it is (likely) behind a firewall?"

Upvotes: 0

Views: 8893

Answers (2)

omatai

Reputation: 3728

First, the reason your public IP address is not unique is that you and all the devices sharing the same IP address are not directly connected to the internet, but are connected via some intermediate "gateway" device (e.g. switch, router, modem). Your public IP address is actually the address of that gateway device.

So when you request a web page from Google or Facebook or wherever, that device translates your LAN IP and port number (probably 80 for HTTP, 443 for HTTPS) into its IP and some other port number that it can re-translate when the response comes back in. This is one form of network address translation (NAT), and it is a dynamic arrangement that typically operates across the scope of a session - it is set up when a session starts, and shut down when the session ends.

That is the situation when your device is behaving as a client; when you want to turn it into a server, you have two options:

  • Set up a VPN
  • Use port forwarding

A VPN (virtual private network) will make a remote machine appear to your machine as if it is part of your local network. You have to install special VPN software to do it, and you will get a more robust and universal solution by doing so. However, it might be overkill if you are only wanting to serve up something simple, e.g. from your home computer for your own personal benefit.

Port forwarding is somewhat easier to do, but may be prohibited by the IT policies of whoever is hosting your device due to security concerns. It requires a static entry in a table on the "gateway" device (router, switch, modem) that connects you to the internet. It tells that gateway device to send all traffic on a particular port to a port on your device with its (private, LAN) IP. For how to do it, consult the manual of that gateway device.

All of this applies to IPv4. How it will change when IPv6 has more uptake is anyone's guess - in theory everyone's device will have a unique public IP address under IPv6, but with security being a major concern on the internet, it is not clear how "public" those public addresses will be - a lot of devices will likely remain hidden behind the firewalls provided by those gateway devices.

Upvotes: 1

Josef Hoppe

Reputation: 386

Since we don't have enough IPv4 addresses for every device, NAT (network address translation) was invented. That means your router has a public IP address and manages sessions (detects a TCP connection and temporarily forwards the outgoing port to the client that opened the connection).

You need to forward one or multiple ports to the LAN address of your server (probably 80 and 443 for HTTP and HTTPS respectively).

In IPv6, however, every machine has its own public address.

Upvotes: 0
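
The dynamic session mapping and the static port-forwarding entry described in the two answers above can be modelled in a few lines. This is an added example, not code from either answer: the `NatGateway` class and its methods are hypothetical, and all addresses are constructed from the documentation ranges.

```python
from dataclasses import dataclass, field

@dataclass
class NatGateway:
    """Toy model of an IPv4 NAT gateway (constructed for illustration)."""
    public_ip: str
    next_port: int = 40000                          # next free public port
    sessions: dict = field(default_factory=dict)    # dynamic: pub_port -> (lan, remote)
    forwards: dict = field(default_factory=dict)    # static:  pub_port -> lan

    def outbound(self, lan, remote):
        """LAN host `lan` connects to `remote`; return the source the remote sees."""
        pub_port = self.next_port
        self.next_port += 1
        self.sessions[pub_port] = (lan, remote)
        return (self.public_ip, pub_port)

    def close(self, pub_port):
        """Session ended: the dynamic mapping is torn down."""
        self.sessions.pop(pub_port, None)

    def add_forward(self, pub_port, lan):
        """Static port-forwarding entry, as configured on the gateway."""
        self.forwards[pub_port] = lan

    def inbound(self, pub_port, remote):
        """Packet from `remote` hits public_ip:pub_port; return LAN target or None."""
        session = self.sessions.get(pub_port)
        if session and session[1] == remote:
            return session[0]                        # reply to an open session
        return self.forwards.get(pub_port)           # else only a static forward matches

def demo():
    gw = NatGateway("203.0.113.7")                   # documentation-range addresses
    site = ("198.51.100.10", 443)
    phone = ("198.51.100.99", 50123)
    pc_a, pc_b = ("192.168.1.20", 51000), ("192.168.1.21", 51000)
    seen_a, seen_b = gw.outbound(pc_a, site), gw.outbound(pc_b, site)
    before = gw.inbound(8080, phone)                 # unsolicited: dropped
    gw.add_forward(8080, ("192.168.1.20", 8080))
    after = gw.inbound(8080, phone)                  # now reaches pc_a's server
    return seen_a, seen_b, before, after

if __name__ == "__main__":
    print(demo())
```

Both office machines appear to the outside as the same public IP with different ports, and the phone's connection to port 8080 only reaches a LAN machine once the static forward exists, which is also why that port then needs the same scrutiny as any internet-facing service.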
