Public IP is reachable from internet; private IP is internal to cloud network. A cloud server with public IP handles external traffic. If using private IPs for internal communication between services (e.g. DB, cache), firewall must block public access to those private-IP-bound services.
Public-facing services (forum, webserver) bind to public IP, while internal services stay private — isolating them from external threats.