How do I create a Droplet without a private IP?
There is no way to make a Droplet without a private IP address, but you can disable the address on your Droplet from the command line or by updating your Droplet’s eth1 interface configuration.
Since October 2020, we automatically assign private IP addresses to Droplets by default, to make them accessible to the VPC service. As such, private networking is enabled, and there is currently no way create a Droplet without a private IP or disable it from the DigitalOcean Control Panel after creation.
Note
Warning
Disable Private Network Interface
To temporarily disable your Droplet’s private networking interface, use the ip utility:
ip link set eth1 down
This disables the private network interface until your Droplet is rebooted. You can validate that interface is down by running the ip utility with the -br flag.
ip -br a
The -br flag returns only basic information about your Droplet’s network interfaces for better readability. The a argument returns all IP addresses associated with your Droplet’s network interfaces.
Remove your Droplet’s Network Configuration
Alternatively, you can remove the private network interface configuration on your Droplet, permanently disabling it.
To do this, open your Droplet’s network configuration using nano, or your preferred text editor:
nano /etc/netplan/50-cloud-init.yaml
Then comment out the contents of the eth1 stanza by place a # in front of each line:
GNU nano 6.2 /etc/netplan/50-cloud-init.yaml
# This file is generated from information provided by the datasource. Changes
# to it will not persist across an instance reboot. To disable cloud-init's
# network configuration capabilities, write a file
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
# network: {config: disabled}
network:
version: 2
ethernets:
eth0:
addresses:
- 203.0.113.77/20
- 203.0.113.25/16
match:
macaddress: 86:bc:46:82:4d:95
mtu: 1500
nameservers:
addresses:
- 67.207.67.3
- 67.207.67.2
search: []
routes:
- to: 0.0.0.0/0
via: 203.0.113.65
set-name: eth0
# eth1:
# addresses:
# - 10.118.0.4/20
# match:
# macaddress: 5a:59:57:e0:f3:9d
# mtu: 1500
# nameservers:
# addresses:
# - 67.207.67.3
# - 67.207.67.2
# search: []
# routes:
# - to: 0.0.0.0/0
# via: 203.0.113.50
# set-name: eth1
Afterwards, save and exit the file.
Lastly, reboot your Droplet with the following command:
sudo reboot
The interface remains disabled after reboot. You can validate that the interface is down by running the ip utility with the -br flag again.
ip -br a
The command returns a table showing your Droplet’s network interfaces like this:
lo UNKNOWN 198.18.0.152/8 ::1/128
eth0 UP 203.0.113.50/20 233.252.0.7/16 fe80::dc6e:e3ff:fe4e:d974/64
eth1 DOWN
The eth1 interface should be listed as DOWN.
CentOS uses the ifcfg-eth1 configuration file to manage the eth1 interface. By moving this file to a different directory and deleting the eth1 connection from the NetworkManager, you can effectively disable the interface.
Use the following command to move the eth1 configuration file into the home directory:
mv /etc/sysconfig/network-scripts/ifcfg-eth1 ifcfg-eth1
By moving this file into the home directory, you can re-enable the connection later if needed.
Next, delete the eth1 connection from the NetworkManager using the NetworkManager’s CLI:
nmcli con del "System eth1"
Verify that the connection has been disconnected using the NetworkManager command:
nmcli
Lastly, reboot your Droplet with the following command:
sudo reboot
Once your Droplet has rebooted, log back in to your Droplet and verify that the connection has been disabled using the NetworkManager command:
nmcli
If the NetworkManager command returns that the eth1 connection’s status is connecting (getting IP configuration), wait a few minutes and check the status again.
To add the connection back to your Droplet, move the ifcfg-eth1 file back into the /etc/sysconfig/network-scripts directory and then reboot your Droplet.
Related Topics
eth0 and eth1.