Was this page helpful?

How to remove the public IP address of a Mac mini

Reviewed on 13 May 2025 • Published on 13 May 2025

After enabling Virtual Private Cloud (VPC) on your Mac mini, you can enhance the security of your server by further restricting external access. This guide walks you through a series of steps to ensure that your Mac Mini is isolated from unauthorized access while maintaining necessary connectivity for management and maintenance.

By following these instructions, you will learn how to create a secure environment that uses Private Networks and an SSH Bastion to protect your machine from being reachable on the public Internet, while maintaining outgoing connectivity from the Mac mini.

Before you startLink to this anchor

To complete the actions presented below, you must have:

A Scaleway account logged into the console
Owner status or IAM permissions allowing you to perform actions in the intended Organization
A Mac mini

Important

Before proceeding, note that removing the public IP from your Mac mini will have some side effects:

You will no longer be able to reload SSH keys from the console.
Scaleway’s ability to monitor your server will be limited. Some actions, such as rebooting your machine, may result in an error state displayed in the console (although it will not prevent you from using your server).

Enabling Private Networks for your Mac miniLink to this anchor

Click Apple silicon in the Bare Metal section of the side menu. The Apple silicon splash screen displays.
Click the Mac mini you want to enable Private Networks on. The Mac mini’s Overview page displays.
In the Private Networks feature section, click Enable Private Networks to enable the feature. A pop-up displays, asking you to confirm that you want to enable Private Networks, and showing the estimated cost.
Click Enable Private Networks.

Setting up Private Networks/VLANLink to this anchor

Click Apple silicon in the Bare Metal section of the side menu. The Apple silicon splash screen displays.
Click the Mac mini you want to attach to a Private Network. The Mac mini’s Overview page displays.
Click the Private Networks tab.
Click + Attach to a Private Network. A pop-up displays.
Select the Private Network you want to attach the Mac mini to. You can either auto-allocate an available IP from the Private Network’s pool (default) or reserve a specific IP for your Mac mini using IPAM.
Click Attach to Private Network.

Configuring the Private Network on your Mac miniLink to this anchor

On your Mac mini, set up the Private Network/VLAN. You can follow our guide How to configure the VLAN interface on your Mac mini for Private Networks for more information.

Setting up a Public Gateway with SSH BastionLink to this anchor

Create a Public Gateway.
Enable SSH Bastion. This will allow you to securely access your Mac mini.
Connect to your machine through the Bastion. Verify that you can connect to your Mac mini through the Bastion.

Tip

You can also use the Bastion to connect to the remote desktop of your Mac using SSH port-forwarding. To do this, forward traffic to port 5900 of your machine to reach the VNC service. This is a different port than the public VNC port displayed in your console.

Disabling DHCP on the public interface and removing the public IP addressLink to this anchor

Once you have verified that your Mac mini is reachable through the Bastion, you can proceed with disabling DHCP on your Mac’s main network interface (en0) and removing its public address. Your Mac mini is now fully isolated from the public internet, and any further external access will have to occur from a resource inside the Private Network or through the Bastion.

Tip

Your Mac mini will still be able to access the internet through the gateway if needed.