What other IP addresses can/should I use for my home network?

17

6

I've been using 192.168.1.x for my home network, which has been perfectly happy for quite some time. However, I just started a new job, and they use the same set of IP addresses when I connect over the VPN.

Naturally, this causes problems.

What other IP address ranges can (and should) I use to prevent conflicts? Would it be OK to use 192.168.2.x... or 42.x ;) ?

I know at one point my brother had set up our network to use 10.0.0.x - but when I used a traceroute program it would say that all of our packets were going to Brazil or something.

Are there other IP addresses reserved for internal networks that I should use?

Wayne Werner

Posted 2015-04-24T12:36:32.177

Reputation: 1 501

1I generally recommend that folks with home networks just use 192.168.XX.0/24 where XX is between 10 and 245. Perhaps the last two digits of the year of your birth? Any number in that range works.

"69 dudes!" -- Bill S Preston Esqr and "Ted" Theodore Logan – Frank Thomas – 2015-04-24T12:50:32.730

17@DavidGrinberg Hopefully, you'll never need to visit that range then. That range is assigned to a company called Xerox. – phyrfox – 2015-04-24T14:25:09.703

11If 10.0.0/24 traffic is going to Brazil, your ISP is doing something very weird, and you should call them out on it. Except with special arrangements between the parties involved, 10/8 (like the other RFC 1918 ranges) is supposed to never make it past the egress router of a network. – a CVn – 2015-04-24T17:17:51.543

@MichaelKjörling, the exception is that as an ISP client, you are considered to be part of their private network. So, if the ISP's network spans internationally (such as Brazil) you can potentially reach a 10.0.0.0/8 address in another country. While it is generally good design to minimize this exposure to clients, this is an increasing trend as ISPs run out of PI IP space to use on their internal networks. – YLearn – 2015-04-24T18:14:19.723

Very weird IMO for your company to be using 192. 172 or 10 are typical in companies with any kind of knowledgeable IT department. – paqogomez – 2015-04-24T22:22:39.347

@paqogomez: Using 192 would make sense for a small company. Being well-informed has little to do with it. – martineau – 2016-09-19T23:56:42.920

That is weird that they would conflict that way. The VPN should have NAT'ed you or otherwise allowed 2 private networks be used on either side of the pipe. It had to be a COMMON conflict considering that 192.168.0 is the most used default network for cheap residential routers... – GB - AE7OO – 2020-01-10T14:32:05.447

Answers

36

You can freely use any Private Network Address within the following reserved ranges:

  1. Private Address Space

The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private internets:

    10.0.0.0        -   10.255.255.255  (10/8 prefix)
    172.16.0.0      -   172.31.255.255  (172.16/12 prefix)
    192.168.0.0     -   192.168.255.255 (192.168/16 prefix)

(from RFC 1918 - Address Allocation for Private Internets)


You'll also want to keep in mind the network Host Address and Broadcast Address:

  1. Broadcast IP Addressing - Proposed Standards

If different IP implementations are to be compatible, there must be a distinguished number to denote "all hosts".

Since the local network layer can always map an IP address into data link layer address, the choice of an IP "broadcast host number" is somewhat arbitrary. For simplicity, it should be one not likely to be assigned to a real host. The number whose bits are all ones has this property; this assignment was first proposed in. In the few cases where a host has been assigned an address with a host-number part of all ones, it does not seem onerous to require renumbering.

The address 255.255.255.255 denotes a broadcast on a local hardware network, which must not be forwarded. This address may be used, for example, by hosts that do not know their network number and are asking some server for it.

Thus, a host on net 36, for example, may:

  • broadcast to all of its immediate neighbors by using 255.255.255.255

  • broadcast to all of net 36 by using 36.255.255.255

(Note that unless the network has been broken up into subnets, these two methods have identical effects.)

If the use of "all ones" in a field of an IP address means "broadcast", using "all zeros" could be viewed as meaning "unspecified". There is probably no reason for such addresses to appear anywhere but as the source address of an ICMP Information Request datagram. However, as a notational convention, we refer to networks (as opposed to hosts) by using addresses with zero fields. For example, 36.0.0.0 means "network number 36" while 36.255.255.255 means "all hosts on network number 36".

(from RFC 919 - Broadcasting Internet Addresses)


Additionally, you'll want to understand Classless Inter-Domain Routing (commonly referred to as CIDR) and its CIDR notation for expressing IP address ranges:

Classless Inter-Domain Routing (CIDR, /ˈsaɪdər/ or /ˈsɪdər/) is a method for allocating IP addresses and IP routing. The Internet Engineering Task Force introduced CIDR in 1993 to replace the previous addressing architecture of classful network design in the Internet. Its goal was to slow the growth of routing tables on routers across the Internet, and to help slow the rapid exhaustion of IPv4 addresses.


CIDR notation is a compact representation of an IP address and its associated routing prefix. The notation is constructed from an IP address, a slash ('/') character, and a decimal number.

The address may denote a single, distinct interface address or the beginning address of an entire network. The maximum size of the network is given by the number of addresses that are possible with the remaining, least-significant bits below the prefix. The aggregation of these bits is often called the host identifier.

For example:

  • 192.168.100.14/24 represents the IPv4 address 192.168.100.14 and its associated routing prefix 192.168.100.0, or equivalently, its subnet mask 255.255.255.0, which has 24 leading 1-bits.
  • the IPv4 block 192.168.100.0/22 represents the 1024 IPv4 addresses from 192.168.100.0 to 192.168.103.255.
  • the IPv6 block 2001:db8::/48 represents the block of IPv6 addresses from 2001:db8:0:0:0:0:0:0 to 2001:db8:0:ffff:ffff:ffff:ffff:ffff.
  • ::1/128 represents the IPv6 loopback address. Its prefix length is 128 which is the number of bits in the address.

Francisco Tapia

Posted 2015-04-24T12:36:32.177

Reputation: 2 383

This would be right on the money, also remember that subnetting is also possible if you want smaller networks! http://en.wikipedia.org/wiki/IPv4_subnetting_reference

– None – 2015-04-24T12:57:44.180

4yes you put that well, though dot 0 is the network address, and dot 255 the broadcast which he may use but he wouldn't assign. – barlop – 2015-04-24T14:01:53.120

6

@barlop Addresses ending in .0 and .255 do not indicate the network and broadcast addresses respectively, except in the very specific case where the IPv4 subnetwork ("subnet") mask is exactly 24 bits long. 24-bit netmask length (netmask 255.255.255.0) is a common setup for private networks, but it is not necessary and in fact "classful" IP address assignment has been deprecated since the mid-1990s. These days all IPv4 assignments are CIDR.

– a CVn – 2015-04-24T17:14:03.497

2Note: the "private networks" above refers to private residential networks. (Grace period ran out and I'd rather not delete the comment now.) Corporate networks may very well require a shorter netmask to accommodate all the hosts that need to be on a given subnet. – a CVn – 2015-04-24T17:19:53.397

@MichaelKjörling you are right, and anyway for barlop I've added some RFC and Wikipedia references to keep in mind the Network Address and Broadcast Address. – Francisco Tapia – 2015-04-24T17:20:40.387

@MichaelKjörling well, talking CIDR, even in the 172.16 case, which was /13 ,(so a very awkward one) but even then, the broadcast address ended in .255 The 192.168/16 and the 10/8 aren't /24 and would've been ending in a plurality of 255s. The 192.168.x/24 is simple as you say, ending in .255 . A case where the broadcast wouldn't end in .255 and I had to think for that one, would be if the network portion extended into the 4th octet and the bits it held were not all 1s. – barlop – 2015-04-24T18:14:39.203

3@barlop the point is that your statement above is misleading. Take 192.168.0.0/23 for example. Your statement above would lead someone to think that 192.168.0.255 would be the broadcast address when this is a valid host address and the broadcast address is actually 192.168.1.255. Similarly, 192.168.1.0 is not a network address but a valid host address. The only time a .0 is always a network address and a .255 is always a broadcast address is a /24. – YLearn – 2015-04-24T18:17:57.557

@YLearn err, my statement above? The statement directly above your comment is clear and correct is it not? If u mean my first comment yes it could've been misinterpreted as a statement that every address ending in 255 is a broadcast,and I clarified what I meant.To be more specific-it seems to me that Broadcasts and network addresses will always end in 255[s] or 0[s] except for a case of the network address going into the 4th octet then if there's any bit set to 1 in that network portion you won't get a 0 network address and if there's any bit there set to 0 there u won't get a 255 BC address – barlop – 2015-04-24T18:36:41.903

2@barlop A smaller-than-/24 is the common globally-routable assignment for leaf sites these days. 10+ years ago I administered two separate IPv4 networks which had been assigned globally routable IPv4 addresses, one /27 and one /28 (same ISP, same customer, different sites). The public netblock at my current workplace is similar; I don't recall exactly, but I think it's a /28. Your initial comment said that "dot 0 is the network address, and dot 255 the broadcast", which holds if and only if the netmask is /24. For any other case, the statement is either (a) misleading or (b) outright false. – a CVn – 2015-04-24T18:39:01.647

If you want to discuss this further, please ask a separate question about it so that it can be answered properly. – a CVn – 2015-04-24T18:39:04.337

@MichaelKjörling sometimes it spawns a chat link. Your statement is also a bit misleading.. in saying that only with a netmask of /24 is it true that ""dot 0 is the network address, and dot 255 the broadcast"" Because it could be interpreted as the network address never being dot 0 and the broadcast never .255 for a /24. Likewise I wasn't saying that every single address ending in dot 0 and I wasn't saying that every address ending in dot 255 is a broadcast. Any address from /0(if you can have a /0) to /24 will have a NW add ending in 0 and a BC add ending in 255. And not multiple ones.... – barlop – 2015-04-24T18:48:01.567

@MichaelKjörling if you interpreted my comment as every single address ending in .0 even for up to /24, is a network address and every single address ending in .255 even for up to /24 is a broadcast address then a network would have multiple network and broadcast addresses and indeed I didn't mean that. So I later said 0s n 255s. But great points have been made re the network portion smaller than /24 where the network address would-could not be dot 0(as the last octet's nw portion would have a 1 in it) and the bc might not b .255(though would if the network portion in that octet were all 1s) – barlop – 2015-04-24T18:50:42.460

I do acknowledge the clarifications you MichaelKjörling and Ylearn have made to my first comment. – barlop – 2015-04-24T18:54:04.187

1Keep in mind some of these networks are used more commonly than others. The 172.16. networks are used the least frequently that I've seen, and the size of the 10. network means that you can choose something in the middle reasonably safely without risk of conflict (I use 10.24.1.0/24 myself personally). The 192.168 network although the middle in size is the most commonly used and the chances of having a conflict using any /24 in there is pretty high (and from 192.168.1.0/24 through to 192.168.10.0/24 extremely high) – Mark Henderson – 2015-04-24T21:52:17.097
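The network/broadcast point argued in the comments above, worked through with plain bit masks. This is an added example, not code from any of the posts; the function names `bounds`, `role` and `in_rfc1918` are made up for the illustration.

```python
import ipaddress

# The three RFC 1918 blocks quoted in the answer above.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def bounds(cidr):
    """Return (network, broadcast) for an IPv4 prefix using plain bit masks."""
    addr, plen = cidr.split("/")
    ip = int(ipaddress.IPv4Address(addr))
    mask = (0xFFFFFFFF << (32 - int(plen))) & 0xFFFFFFFF
    network = ip & mask                          # host bits all zero
    broadcast = network | (~mask & 0xFFFFFFFF)   # host bits all one
    return ipaddress.IPv4Address(network), ipaddress.IPv4Address(broadcast)


def role(address, cidr):
    """Classify address within cidr: 'network', 'broadcast', 'host' or 'outside'.

    /31 and /32 prefixes have no separate network and broadcast address;
    that special case is not handled here.
    """
    ip = ipaddress.IPv4Address(address)
    network, broadcast = bounds(cidr)
    if not network <= ip <= broadcast:
        return "outside"
    if ip == network:
        return "network"
    if ip == broadcast:
        return "broadcast"
    return "host"


def in_rfc1918(cidr):
    """True only if the whole prefix fits inside one RFC 1918 block."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.subnet_of(block) for block in RFC1918)


if __name__ == "__main__":
    # Constructed sample pairs: the same address changes role with the prefix.
    for addr, cidr in [("192.168.0.255", "192.168.0.0/24"),
                       ("192.168.0.255", "192.168.0.0/23"),
                       ("192.168.1.0", "192.168.0.0/23"),
                       ("192.168.1.255", "192.168.0.0/23"),
                       ("10.24.1.15", "10.24.1.0/28")]:
        print(f"{addr:15} in {cidr:17} -> {role(addr, cidr)}")
    for cidr in ("192.168.44.0/24", "172.32.0.0/24", "1.2.3.0/24"):
        print(f"{cidr:17} inside RFC 1918: {in_rfc1918(cidr)}")
```
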

7

The 192.168.1.1 IP address used by many home routers is an IANA-reserved private network address or subnet.

What's a subnet? An entire range of IP addresses that you can split up into smaller ranges (the act of splitting it up is called subnetting) if you want.

So the above range is 192.168.0.0/16. Keeping it simple without getting too much into the individual bits, each "octet" or individual number in the address is 8 bits, and the ones that are "yours" start from the right. So that means the last two octets (16 bits) are yours to do whatever you want. So you can use all the IP addresses from 192.168.0.1 to 192.168.255.254 (the first one is reserved and the last one is a broadcast address) really in any way you want and your router allows.

The simplest route usually taken in this situation is to use the "sub-subnet" 192.168.0.0/24 or 192.168.1.0/24. Using 192.168.0.0/24 as an example, this means your home network can use any IP address from 192.168.0.1 through 192.168.0.254, with 192.168.0.255 being the broadcast address.

But you are free to change the subnet, since you have two numbers that are really "yours", so you can use 192.168.44.0/24 or any other number for the second octet. Just keep in mind that everything that needs to see each other on the network needs to be on the same subnet (i.e. within that subnet's range of IP addresses). So your router's IP address needs to appear in that subnet (good choice is 192.168.44.1), and your router needs to give out DHCP addresses from a range in that subnet (say something like 192.168.44.10 through 192.168.44.50).

Nothing is really stopping you from using 192.168.0.0/16 for your home router either, but it's good practice to leave some room for additional networks or changing things in the future.

LawrenceC

Posted 2015-04-24T12:36:32.177

Reputation: 63 487

1I would say this is the should and @FranciscoTapia is the can [of the answers title can/should] – Austin T French – 2015-04-24T13:21:46.833

@AthomSfere I think you are absolutely right. – Francisco Tapia – 2015-04-24T14:05:17.983

2You've got the subnet mask lengths backwards. /8 gives you 24 bits host. You want /24 which gives you 8 bits host (32 total minus 8 and 24 for network, respectively). 192.168/16 is RFC 1918 space, anything less (longer subnet mask) which fully fits within that range is thus also 1918 space. – a CVn – 2015-04-24T17:25:18.780

Thanks for pointing out the total derp on my part, fixed. – LawrenceC – 2015-04-24T19:20:49.487

@AthomSfere Can you elaborate on why this is the "should"? – Jon Bentley – 2015-05-08T12:20:33.690

1

I know this is an old question, and some answers above are correct.

To put it simply, the Internet Assigned Numbers Authority (IANA) established three blocks of the IP address space for private networks: 10.0.0.0 – 10.255.255.255, 172.16.0.0 – 172.31.255.255, 192.168.0.0 – 192.168.255.255.

The third IP address that you used is enough for most users for connecting up to 254 devices. So it has been commonly used till today.

Note that there is really nothing wrong with using 10.0.0.0 or 172.16.0.0.

Mark Twain

Posted 2015-04-24T12:36:32.177

Reputation: 244

2The third IP address that you used is enough for most users for connecting up to 254 devices. Not quite. It is enough for a lot more devices. (2^16-2, aka 65534 devices, not just 2^8-2 aka 254). – Hennes – 2016-07-22T09:17:48.840

1

The reason why you should use private addresses in those ranges in your internal networks, is because these are the addresses that are not used on the internet for real networks.

In fact backbone routers won't forward in general packets for these addresses (although some ISPs actually dish out private IPs to customers, in this case you'll be going through their NAT).

If you choose another range of addresses for your network, which are public addresses, in use somewhere else in the internet, then you lose accessibility to those other addresses, due to local routes to those destinations overriding default routing to the real remote network.

Adrien

Posted 2015-04-24T12:36:32.177

Reputation: 1 107

Correct. You can do that just fine, but you need to make sure those IPs belong to you (and by that also not to someone else on the Internet). That used to be the way that the Internet worked before we ran out of IPv4 addresses. These days home users are forced to use NAT, and thus RFC1918 or some clever routing and lose access to a few devices on the Internet. – Hennes – 2016-07-22T09:21:29.013

I hate to think how many people can't access the 1.2.3.0 network over the internet. We saw a lot of customers use this range over the years on their internal networks. – Adrien – 2016-07-22T09:26:21.333

Not as bad as seeing a network using the loopback address range, in two different locations. Now mind you this was all OLD ethernet, the network used hubs, not switches to connect everyone. Actually the Hubs were only used for the 10BaseT computers, the 10Base2/5 machines had their own ring. And Hubs are dumb! They did not care what your IP address was and neither did the Windows of the time. I got called in when they tried to connect them via Frame Relay and it would not route properly. – GB - AE7OO – 2020-01-10T14:21:41.770

1

Yes, you would be OK using .2.x, and that would not cause any problems, however make sure your netmask is set to 255.255.255.0 and not 255.255.0.0 because it would try to mix your .2.x with your vpn .1.x as if it was the same network.

arana

Posted 2015-04-24T12:36:32.177

Reputation: 570
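The netmask point in the last answer, as a check you can run before renumbering. This is an added example, not code from any of the posts: the VPN route list is constructed sample data, and `conflicts` and `first_free_24` are names made up for the illustration.

```python
import ipaddress

# Constructed sample: prefixes a work VPN might route to the office.
VPN_ROUTES = ["192.168.1.0/24", "10.0.0.0/16"]


def conflicts(home_ip, home_mask, remote_routes):
    """Return the remote routes whose address range overlaps the home LAN.

    home_mask may be a dotted netmask (255.255.255.0) or a prefix length (24).
    """
    home = ipaddress.ip_network(f"{home_ip}/{home_mask}", strict=False)
    return [r for r in remote_routes
            if home.overlaps(ipaddress.ip_network(r))]


def first_free_24(block, taken):
    """Return the first /24 inside block that overlaps nothing in taken.

    Returns None when every /24 in the block is covered.
    """
    taken = [ipaddress.ip_network(t) for t in taken]
    for candidate in ipaddress.ip_network(block).subnets(new_prefix=24):
        if not any(candidate.overlaps(t) for t in taken):
            return candidate
    return None


if __name__ == "__main__":
    # 192.168.2.x with a /24 mask stays clear of the office 192.168.1.0/24 ...
    print(conflicts("192.168.2.1", "255.255.255.0", VPN_ROUTES))
    # ... but the same address with a /16 mask swallows it.
    print(conflicts("192.168.2.1", "255.255.0.0", VPN_ROUTES))
    # A VPN that routes a whole RFC 1918 block leaves no room inside it.
    print(conflicts("192.168.44.1", 24, ["192.168.0.0/16"]))
    print(first_free_24("192.168.0.0/16", ["192.168.0.0/16"]))
    # Pick the first unused /24 in another block instead.
    print(first_free_24("10.0.0.0/8", VPN_ROUTES))
```

Run it against the routes your VPN client actually installs (visible in the routing table while connected) rather than the sample list.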