Skip to navigationSkip to main contentSkip to footerScaleway DocsAsk our AI
Ask our AI
Log inSign up

How to remove the public IP address of a Mac mini

After enabling Virtual Private Cloud (VPC) on your Mac mini, you can enhance the security of your server by further restricting external access. This guide walks you through a series of steps to ensure that your Mac Mini is isolated from unauthorized access while maintaining necessary connectivity for management and maintenance.

By following these instructions, you will learn how to create a secure environment that uses Private Networks and an SSH Bastion to protect your machine from being reachable on the public Internet, while maintaining outgoing connectivity from the Mac mini.

Before you start

To complete the actions presented below, you must have:

Important

Before proceeding, note that removing the public IP from your Mac mini will have some side effects:

  • You will no longer be able to reload SSH keys from the console.
  • Scaleway's ability to monitor your server will be limited. Some actions, such as rebooting your machine, may result in an error state displayed in the console (although it will not prevent you from using your server).

Enabling Private Networks for your Mac mini

  1. Click Apple silicon in the Bare Metal section of the side menu. The Apple silicon splash screen displays.
  2. Click the Mac mini you want to enable Private Networks on. The Mac mini's Overview page displays.
  3. In the Private Networks feature section, click Enable Private Networks to enable the feature. A pop-up displays, asking you to confirm that you want to enable Private Networks, and showing the estimated cost.
  4. Click Enable Private Networks.

Setting up Private Networks/VLAN

  1. Click Apple silicon in the Bare Metal section of the side menu. The Apple silicon splash screen displays.
  2. Click the Mac mini you want to attach to a Private Network. The Mac mini's Overview page displays.
  3. Click the Private Networks tab.
  4. Click + Attach to a Private Network. A pop-up displays.
  5. Select the Private Network you want to attach the Mac mini to. You can either auto-allocate an available IP from the Private Network's pool (default) or reserve a specific IP for your Mac mini using IPAM.
  6. Click Attach to Private Network.

Configuring the Private Network on your Mac mini

On your Mac mini, set up the Private Network/VLAN. You can follow our guide How to configure the VLAN interface on your Mac mini for Private Networks for more information.

Setting up a Public Gateway with SSH Bastion

  1. Create a Public Gateway.
  2. Enable SSH Bastion. This will allow you to securely access your Mac mini.
  3. Connect to your machine through the Bastion. Verify that you can connect to your Mac mini through the Bastion.
Tip

You can also use the Bastion to connect to the remote desktop of your Mac using SSH port-forwarding. To do this, forward traffic to port 5900 of your machine to reach the VNC service. This is a different port than the public VNC port displayed in your console.

Disabling DHCP on the public interface and removing the public IP address

Once you have verified that your Mac mini is reachable through the Bastion, you can proceed with disabling DHCP on your Mac's main network interface (en0) and removing its public address.

  1. Open a terminal on your Mac mini.
  2. Run the following command to disable DHCP and remove the public IP address from the Ethernet interface: 
    sudo networksetup -setv4off "Ethernet" <PUBLIC_INTERFACE_IP_ADDRESS>
    Tip

    You can also disable the public IP address through the graphical interface when connected via VNC through the SSH bastion. To do this, disable DHCP for the Ethernet network adapter.

    Important

    Incorrectly configuring the network settings can cause a loss of network connectivity. Before making changes, back up your data. If you lose connectivity, you might need to reinstall the system to restore it.

Your Mac mini is now fully isolated from the public internet, and any further external access will have to occur from a resource inside the Private Network or through the Bastion.

Tip

Your Mac mini will still be able to access the internet through the gateway if needed.

See Also
How to use Private NetworksHow to install a package manager
Still need help?

Create a support ticket
No Results