LinuxQuestions.org
View Poll Results: Is your computer's (inside) IP address 'private' (10.../192.168..), or public?
I use 'private' RFC1918 10.../192.168.. on my box. 8 100.00%
I use public IP addressing (so others can reach me) 0 0%
Voters: 8. You may not vote on this poll

Old 09-20-2017, 08:00 PM   #1
GentleThotSeaMonkey
Member
 
Registered: Dec 2016
Posts: 338
Blog Entries: 4

Rep: Reputation: 128
Is your computer's IP address 'private'? (10.../192.168..) Everything's a NAT'ed pkt. PAT?


Anon, so no posted reply needed (if both, choose 'public')

Inspired by a recent file tutorial, I'd like to explore this.
In addition to my curiosity, it might be of learning value!

By "your IP address", I mean only the 'network card' address,
not your WhatIsMyIP.com ?external? NAT'ed ISP address.
(like DOS ipconfig/a or from cli cmd: ip a | grep -w inet)
(&yes, if private, your ISP's router's DHCP gives you this address)

By 'private', I mean RFC1918: 10... or 192.168.. (&172.16../12)

In generalities, this seems to be the difference between:
home/personal vs. where the public *accesses you*.

This can get 'technical', and there's a lot I don't know about
NAT boxes, VPN, port_forwarding, firewall (needed? /r:No), ...
(like 5.3 in this advanced book I found at library)

An advantage seems to be (in simplistic terms):
evil outsiders can't (*simply/trivially*) reach you.
This doesn't cover the instance where you "drag in" evil stuff, generally by accessing a malicious site that instructs your (unsecured) web browser to store stuff (like JavaScript &beyond; again, sorry for my simplistic description: lots Idk).

In addition to my curiosity as to how many LQ'ers are 'public vs. private', feel free to post tutorial info/links Thanks!

Last edited by GentleThotSeaMonkey; 09-23-2017 at 11:35 AM.
 
Old 09-21-2017, 09:49 AM   #2
dave@burn-it.co.uk
Member
 
Registered: Sep 2011
Distribution: Puppy
Posts: 601

Rep: Reputation: 172
Ask NAT!!
 
Old 09-21-2017, 10:14 AM   #3
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,659
Blog Entries: 4

Rep: Reputation: 3939
Actually, it doesn't quite work that way . . .

Your computer has one public IP-address, on the outside-facing side of your router. But, no one can make an unsolicited inbound connection request unless you have enabled "port forwarding." (This creates an open port on your router and delivers the requests and the data to a specified internal IP.)

Connections that you make to the outside world – such as to LQ – occur through randomly-generated port numbers, and replies are accepted only from the intended remote IP-address. This is how NAT = Network Address Translation works.

No one from the outside can see into your internal network. All IP-addresses there are "non-routable." No internal traffic ever enters the outside world bearing internal IP's, and any such traffic is immediately dropped by the next-hop anyway.

If you do want to route from your inside addresses to another "inside" network, you have to use secure routing technologies such as OpenVPN to create a secure "tunnel" between the two subnets. Then, specified traffic from one internal subnet can be routed to another, but the transfer takes place through encrypted packets that are exchanged between the two secure (OpenVPN ...) virtual routers. No one (Hello we are listening) from (to every word you say) the (P.S. your right shoe is untied) outside ... uhh, except maybe those guys ... can interfere.

Last edited by sundialsvcs; 09-21-2017 at 10:18 AM.
 
Old 09-21-2017, 11:24 AM   #4
IsaacKuo
Senior Member
 
Registered: Apr 2004
Location: Baton Rouge, Louisiana, USA
Distribution: Debian Stable
Posts: 2,546
Blog Entries: 8

Rep: Reputation: 465
For a typical home setup, there is a cable modem or something which has an accessible public IP address. Usually, there is some sort of router connected to that.

If that's some sort of commercially available router appliance then...unfortunately there's a significant chance it is vulnerable to exploits.

My preference is to set up an x86 compatible computer as that router, instead of an off-the-shelf router appliance. This computer receives security updates just like all of my other Debian machines.
 
Old 09-21-2017, 11:49 AM   #5
dave@burn-it.co.uk
Member
 
Registered: Sep 2011
Distribution: Puppy
Posts: 601

Rep: Reputation: 172
No more than a computer if you keep the firmware and software up to date or use decent firmware in it.
 
Old 09-21-2017, 12:23 PM   #6
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680

Rep: Reputation: 2373
I don't understand the question. Most home users and small to medium businesses will use NAT and have one internet facing IP address. As things stand with IP version 4 that's not a choice but the way it is.
Was there a question beyond that?
 
Old 09-21-2017, 12:33 PM   #7
lazydog
Senior Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,249
Blog Entries: 3

Rep: Reputation: 194
There is nothing stating that you have to have a router connected to your ISP modem connection. Thus if you directly connect your device you are using a Public IP Address.

Now if you could get more than 1 Public IP is another story.
 
Old 09-21-2017, 12:38 PM   #8
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680

Rep: Reputation: 2373
Quote:
Originally Posted by lazydog
There is nothing stating that you have to have a router connected to your ISP modem connection. Thus if you directly connect your device you are using a Public IP Address.

Now if you could get more than 1 Public IP is another story.
That depends. In my case, and others, the ISP box needs to be present as it is a brouter. In the case of people still using MODEMs it is often the case now that the ISP will, again, provide a brouter instead.
My point being that in all cases the ISP chooses and in the vast majority of modern internet connections that choice is a brouter with a switch installed, usually allowing ethernet and wireless.
 
Old 09-21-2017, 07:39 PM   #9
lazydog
Senior Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,249
Blog Entries: 3

Rep: Reputation: 194
Quote:
Originally Posted by 273
That depends. In my case, and others, the ISP box needs to be present as it is a brouter. In the case of people still using MODEMs it is often the case now that the ISP will, again, provide a brouter instead.
My point being that in all cases the ISP chooses and in the vast majority of modern internet connections that choice is a brouter with a switch installed, usually allowing ethernet and wireless.
This all really depends on your ISP handoff. If you have copper or fiber handoff you should be able to connect directly to it. If it is a cox then you might need their device or depending on where you live you could buy your own modem and connect it. I know a lot of ISPs in the states that allow you to connect your own device.
 
Old 09-22-2017, 12:42 AM   #10
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680

Rep: Reputation: 2373
Quote:
Originally Posted by lazydog
This all really depends on your ISP handoff. If you have copper or fiber handoff you should be able to connect directly to it. If it is a cox then you might need their device or depending on where you live you could buy your own modem and connect it. I know a lot of ISPs in the states that allow you to connect your own device.
Things may well be very different in the US but in the UK at least even those using their own equipment aren't generally connecting a MODEM to their computer in a PCI slot or by USB but, instead, are connecting to a switch and brouter. I actually didn't know internal ADSL MODEMs existed.
 
Old 09-22-2017, 01:50 AM   #11
GentleThotSeaMonkey
Member
 
Registered: Dec 2016
Posts: 338

Original Poster
Blog Entries: 4

Rep: Reputation: 128
As #2 suggests,

@NAT: ?
Quote:
Originally Posted by NAT
You forgot about Corp infrastructure, like 8.8.8.8 @somehow? connects to a zillion 10..., like at http:3627729902

Last edited by GentleThotSeaMonkey; 09-22-2017 at 01:57 AM.
 
Old 09-22-2017, 08:04 AM   #12
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,659
Blog Entries: 4

Rep: Reputation: 3939
The "modem," whatever it is, is the device which converts TCP/IP (and UDP) packets into whatever electrical format the carrier requires. It is, literally, a transmitter and a receiver for some kind of cable (or, for a satellite link).

The "router," which is often built-in to the modem these days, is the digital interface which allows one IP-address to serve many computers ("subnets") on the inside. It also facilitates communication between those "inside" devices.

If your public IP-address is 101.102.103.104, then the packets you're sending to LQ right now might appear to be coming from "port #12345" at this IP. Your router picked this port-number out of its hat, for this particular conversation. When packets come back from LQ's IP, destined for this port-number, your router will strip-off that port number (substituting the one you used), and use that number to forward the packet to "you," on the inside network. When you terminate this conversation, "port #12345" will lose its present meaning. Packets bearing a port-number that are not in-use by the modem (e.g. "stragglers") are dropped.

The router does not reveal the internal IP-address that it is sending it to, nor does it honor an inbound-connection request ...

... unless you've set up "port forwarding." If you, say, wanted to host your own web site, then you'd "port forward" the HTTP and HTTPS port-numbers so that your router would broker connection-request packets, and would forward those packets to your designated web-server machine.

Routers are reasonably well-made, but every manufacturer updates the software from time to time. For instance (just as with a brand-new cell phone ...), you should connect to the manufacturer's web-site and install software updates, unless it does so by itself. (Allow it to do so by itself.)

I also recommend turning off "automatic configuration" options, and that you immediately change the manufacturer-provided network name and password. Don't allow the configuration panels to be accessed wirelessly.

Some routers support OpenVPN, or provide this as an add-on software option, and they happen to do it well.

Last edited by sundialsvcs; 09-22-2017 at 08:05 AM.
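
The translation behaviour described in posts #3 and #12, as an added example that is not part of any poster's message: a toy Python model of the router's port table, showing which inbound packets reach an inside host and which are dropped. The class and method names, the inside addresses and the remote addresses are constructed for illustration; only 101.102.103.104 and port 12345 come from the thread, and real routers differ in how they pick ports and filter replies.

```python
import itertools

class NatRouter:
    """Toy port-translating NAT as described in the thread (not a real router)."""

    def __init__(self, public_ip, first_port=12345):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)  # sequential here; real routers vary
        self.sessions = {}  # public port -> (inside ip, inside port, remote ip, remote port)
        self.forwards = {}  # public port -> (inside ip, inside port), set by the admin

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Inside host opens a conversation; return the packet as the remote sees it."""
        port = next(self._ports)  # one new public port per conversation
        self.sessions[port] = (src_ip, src_port, dst_ip, dst_port)
        return (self.public_ip, port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Packet arrives at the public IP; return inside (ip, port), or None if dropped."""
        s = self.sessions.get(dst_port)
        if s and (s[2], s[3]) == (src_ip, src_port):
            return (s[0], s[1])             # reply to a conversation we started
        return self.forwards.get(dst_port)  # port forward if configured, else None

    def close(self, public_port):
        self.sessions.pop(public_port, None)  # the port "loses its present meaning"

    def port_forward(self, public_port, inside_ip, inside_port):
        self.forwards[public_port] = (inside_ip, inside_port)

def demo():
    nat = NatRouter("101.102.103.104")  # public IP used in post #12
    remote = ("203.0.113.10", 443)      # constructed remote site (TEST-NET-3)
    seen = nat.outbound("192.168.1.20", 51000, *remote)
    results = {
        "seen_by_remote": seen,  # no RFC1918 address appears in it
        "reply": nat.inbound(*remote, seen[1]),
        "other_host": nat.inbound("198.51.100.7", 443, seen[1]),
        "unsolicited": nat.inbound("198.51.100.7", 40000, 22),
    }
    nat.close(seen[1])
    results["straggler"] = nat.inbound(*remote, seen[1])
    nat.port_forward(443, "192.168.1.30", 443)  # e.g. hosting your own web server
    results["forwarded"] = nat.inbound("198.51.100.7", 40000, 443)
    return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:15} {outcome}")
```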
 
Old 09-22-2017, 12:57 PM   #13
dave@burn-it.co.uk
Member
 
Registered: Sep 2011
Distribution: Puppy
Posts: 601

Rep: Reputation: 172
You should update to the open source firmware IF your router supports it as this WILL almost certainly be more up-to-date than the manufacturer's and likely VERY much more secure.
 
Old 09-22-2017, 01:02 PM   #14
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680

Rep: Reputation: 2373
I have to admit I am confused as to the purpose of this thread?
An above comment reminded me that most corporate machines are NAT'd also, in the IP4 world at least, so I don't understand why this is being asked.
 
Old 09-22-2017, 03:41 PM   #15
lazydog
Senior Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,249
Blog Entries: 3

Rep: Reputation: 194
Quote:
Originally Posted by 273
An above comment reminded me that most corporate machines are NAT'd also, in the IP4 world at least
I know of one company that is using public IP Addresses on site and it's a class B. (Shhhtttt! No names. )
 
  


All times are GMT -5.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration