Remove the public IP address from a Linode
I'm setting up my database server and I want it only to be accessible by private IP from my other Linodes. I have a working setup and can access the DB server by private IP.
I now want to restrict public access to this server and would actually like to remove the public IP address altogether. Is this possible?
Or would you suggest a different way to restrict access? I'm already locking it down by not allowing root ssh access and only allowing passwordless access.
3 Replies
While you can disable your Linode's public IP address by removing it from your interface configuration, I do not recommend it. If nothing else, you would need to find another way for your Linode to receive updates, install packages that may be needed in the future, etc. Our guide on Static Networking does not give specific guidance on how to do this, but does contain all of the necessary information to perform such a configuration.
My recommendation would be to instead allow communication only on the private network by locking down your firewall, and to check out the recommendations in our guides on Securing your Server and Advanced OpenSSH Security Features. It sounds as though you already have some of these things configured, but there are a few more things in those guides which are worth considering to improve security on your system, like setting up Fail2ban, which will automatically blacklist IP addresses from which it detects signs of automated intrusion attempts. I would also recommend specifically whitelisting communication for any outside hosts which the Linode may need to contact at some point in the future (e.g. update servers). This will prevent public access, except by the very limited set of hosts with which you have explicitly permitted that communication to happen.
ok, thanks a lot Tommy!
I indeed have some firewall rules set up already and will further configure that to lock the server down as much as possible.
I wanted to update this post with some guidance for anyone who decides to go this route. Just replace the fake/example IPs with your own.
GATEWAY0=192.168.123.1
IPADDR0=192.168.123.456
PREFIX0=17
The above example is for CentOS 7, but you can adjust for Debian or others using the guidance in the guide I linked earlier. Specifically, you want to set GATEWAY0= to the same /24 range as your private address, with the suffix .1 instead of your address's actual suffix (in this example, .456, a fake suffix), set IPADDR0= to your private address (192.168.123.456) and set PREFIX= to 17. You can then remove the line for the public IP address if you'd like. While we don't remove the public IP from our end, you don't have to bind it, and can simply remove it from the file if you don't need it. Once you restart networking, it should be configured as you want it.
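One way to check the result of the edit described above, as an added example that is not part of the original thread: a shell script that reads an ifcfg-style file and reports every IPADDR entry that is not an RFC 1918 private address or not a valid IPv4 address at all (such as the fake .456 suffix, if it was pasted unchanged). The function names and the sample addresses 203.0.113.10 and 192.168.130.20 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): flag non-private IPADDR entries in an ifcfg file.

# classify_ipv4 ADDR -> prints "private" (RFC 1918), "public" or "invalid"
classify_ipv4() {
    local ip="$1" o1 o2 o3 o4 extra o
    IFS=. read -r o1 o2 o3 o4 extra <<EOF
$ip
EOF
    [ -z "$extra" ] || { echo invalid; return; }
    for o in "$o1" "$o2" "$o3" "$o4"; do
        case $o in ''|*[!0-9]*) echo invalid; return ;; esac
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || { echo invalid; return; }
    done
    if [ "$o1" -eq 10 ] ||
       { [ "$o1" -eq 172 ] && [ "$o2" -ge 16 ] && [ "$o2" -le 31 ]; } ||
       { [ "$o1" -eq 192 ] && [ "$o2" -eq 168 ]; }; then
        echo private
    else
        echo public
    fi
}

# audit_ifcfg FILE -> one "KEY=ADDR status" line per IPADDR/IPADDRn entry;
# returns 1 if any bound address is public or invalid, 0 otherwise.
audit_ifcfg() {
    local rc=0 key val status
    while IFS='=' read -r key val || [ -n "$key" ]; do
        case $key in IPADDR|IPADDR[0-9]*) ;; *) continue ;; esac
        val=${val#\"}; val=${val%\"}          # tolerate quoted values
        status=$(classify_ipv4 "$val")
        echo "$key=$val $status"
        [ "$status" = private ] || rc=1
    done < "$1"
    return "$rc"
}

# Demo on constructed input: the thread's fake address, a documentation-range
# public address (203.0.113.10) and a valid private one.
demo=$(mktemp)
printf '%s\n' 'GATEWAY0=192.168.123.1' 'IPADDR0=192.168.123.456' 'PREFIX0=17' \
    'IPADDR1=203.0.113.10' 'IPADDR2=192.168.130.20' > "$demo"
audit_ifcfg "$demo" || echo "ifcfg file binds a public or invalid address"
rm -f "$demo"
```

Run it against the interface file before restarting networking; a non-zero return from `audit_ifcfg` means at least one bound address is not private.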