TCP/IP: IP Addresses for Private Networks

This article tells how to configure a stand-alone TCP/IP network, or a network that is connected to the Internet using Network Address Translation.
This article has been archived and is no longer updated by Apple.
If you are not connecting to the Internet, you can use IP addresses from ranges having been reserved specifically for use on private IP networks. If you plan to connect your private network to the Internet using a router that supports Network Address Translation, also called NAT and "IP Masquerading." Please read the note at the end of this article.

An IP address is comprised of a network number and a node number; when selecting IP addresses for your network, computers on the same network segment, or "subnet", must have:
  • The same network number: the portion of the IP address that represents the network number must be the same for all devices on the same network.
  • Unique node numbers: the node number is what distinguishes one device from another.
  • The same subnet mask: the mask is what determines how the IP address is subdivided into Network portion and Node portion.

This table assists you in selecting IP addresses for your Private IP network. This is not the entire range of addresses available for Private IP networks, just a subset.
Range (for a single subnet)Default Subnet Mask
Network # Portion
Node # Portion
Sample addresses for a computers on a single network segment*









* When converted to binary, node addresses that are all zeroes (.0, or '00000000') and all ones (.255, or '11111111') are reserved for referring to the network itself, and for the network's broadcast address, respectively. So addresses and would not be available addresses for client workstations.

** There are many more Class C addresses available for Private IP networks: in fact, you can use any class C address in the range 192.168.0.x through 192.168.255.x (where x would represent the node ID, a number between 1 and 254); just remember that, with default subnet mask, the first 3 octets must be the same for all devices on the network (it is the first 3 octets that specify the network number for a Class C address).

Recommendation: Use a different Class C address for each subnet on your private Intranet.

Note: If your network is to be "hidden" from the internet by a hardware or software router that is configured for Network Address Translation (NAT, or "IP Masquerading"); your documentation for that product may suggest using one of these networks numbering schemes, too. Such a router has two (or more) IP addresses.

The IP address on the side of your router that connects to your Internet services (ISP or WAN) may be permanently assigned, or it may be assigned dynamically when your router connects. (DHCP or BOOTP protocols are commonly used to assign an IP address for dial-up, ISDN, and cable modem connections.) The network interface on the local side of the router is an address within the range that all your other local machines use. Thus, the two interfaces on your router are on different logical networks, and may use different subnet masks, but ALL the addresses on the local side must be on the same logical network. This must be so in order that the local side of the router and your client systems may communicate with one another; it is then the router's job to pass traffic between the two different logical networks it serves -- yours, and the Internet.

It could be that additional routing needs to be done on the local side of your network. It then becomes possible that the subnet mask in use on your local subnet which connects to the outside-world router may require a subnet mask that is different from the one the router uses for its own port on your local subnet.

Your local network could be subdivided into several smaller networks by another router (such as another hardware or software router), or a server capable of routing. Such a server would have multiple ethernet ports configured, and might be a Mac OS X, Novell, or Windows NT server. On each resulting subnet, that subnet's lowest-number legal node address is usually assigned to the routing or gateway port by convention.
Published Date: Feb 20, 2012