Menu
sams
By:
sams

Can I create a droplet with no public IP?

December 1, 2014 4.2k views

I'm thinking of doing Setup #2 but would like to restrict database server access. Im thinking I can, in theory, simply SSH from application server to database server to maintain db.

Log In to Comment
3 Answers
ryanpq MOD December 1, 2014

Any droplet you create will be assigned a public IP address but you could disable the public interface or restrict traffic once it is created. There are a few ways to do this:

1.) You can set up an iptables or ufw firewall to drop all traffic to your public IP

2.) You can use the command

ifdown eth0

to disable the public network on a one-time basis.

3.) You can comment out the configuration for the eth0 interface in your droplet's /etc/network/interfaces file.

Reply
  • sams December 1, 2014

    Thanks ryanpq! Will be sure to try these out.

  • aws20005 February 21, 2015

    If I disable public interface, how can I ssh in to access my host? Does that use a different interface? Will I still be able to access my host from the Digitalocean.com dashboard?

  • ryanpq MOD February 23, 2015

    You will still be able to access your droplet via the web console. Your droplet sees the web console as a local keyboard and display so it is not dependent on networking. You can also ssh in through another droplet in the same data center on the private network.

aws20005 February 21, 2015
[deleted]
Reply
makemesad March 22, 2016

as mentioned before you can disable eth0 and use private network to access your droplet. you have 2 options:
1) manually edit interfaces file in /etc/network/interfaces

sudo vi /etc/network/interfaces

here you just delete eth0 cfg block.

2) simply disable eth0 from command line

ifdown eth0
Reply
Have another answer? Share your knowledge.