Disable public IP address on Droplet

Hi all,

Is it possible to disable the public IP address on a Droplet?



Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Most likely, you are looking to remove the public-facing interface, but preserve the interface that hosts your private ip address. This is a common configuration for database servers. You want your web servers connecting to the databases over a private IP and your database servers only answering requests on the private network. In such a scenario you would likely be using ssh over the private network to access the database servers as well.

If that is the case, do not move the entire /etc/networking/interfaces file, but instead just delete the configuration lines related to the public interface. You can figure out which interface is the public one by using the ifconfig command. On my debian droplets the default public interface is eth0. So you would just delete the lines in the file related to eth0 and then restart networking.

This way you still have networking available to machines on your private network, but disable any access attempts from remote machines. FYI, I’m not sure how private the droplet private network really is, so I still install a firewall on every server in addition to disabling public networking.

Hi @anujitmarty,

There is a way but this would mean it won’t be accessible from outside. You’ll only be able to login from your console, are you sure this is what you want?

If yes, then the way to do is

ssh root@YourDropletIp

As soon as you are in, you’ll need to rename the file /etc/network/interfaces. To do so you can do the following

mv /etc/network/interfaces /etc/network/interfaces-old

Then you’ll need to restart your network service

/etc/init.d/networking restart

As soon as you do this, you’ll be able to access the droplet only via the console.

Alternatively, I believe what you are aiming to do is cut off access to your droplet but to your self via SSH, is that correct?

If it is, you’ll just need to close your ports 80 and 443 to do so.

Regards, KDSys