I have 2 dedicated Debian 11 servers, A.B.C.159 and A.B.C.165, on Hetzner, and they are located on the same subnet (the same switch). I was surprised that the two servers cannot ping each other. So I asked support and they replied to me:

Both servers are connected to the same switch. If you need a connection between the servers, you have to set a static route on each server (if using DHCP) or change their netmask to /32 (if using static IP configuration). This is necessary as we use the "protected ports" security feature on our switches.

Here is an example of how you can add the static route on Linux:

ip route add <OTHER-IP>/32 via <GATEWAY> dev <NETWORK-DEVICE>

I'm using Debian 11 on both servers and here's my /etc/network/interfaces:

source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

iface lo inet6 loopback

auto enp7s0
iface enp7s0 inet manual
    up route add -net A.B.C.128 netmask 255.255.255.192 gw A.B.C.129 dev enp7s0

auto vmbr0
iface vmbr0 inet static
    address A.B.C.159/26
    gateway A.B.C.129
    bridge-ports enp7s0
    bridge-stp off
    bridge-fd 0
    up ip route add A.B.C.165/32 via A.B.C.129 dev vmbr0

auto vmbr1
iface vmbr1 inet static
    address 192.168.1.1/24
    bridge-ports none
    bridge-stp off
    bridge-fd 0
    post-up   echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up   iptables -t nat -A POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE

What exact string and where in this config should I add? I tried many variations but nothing worked.

Antonio
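
Support's advice only takes effect if the peer's /32 route via the gateway wins over the on-link /26 route, so that traffic is no longer sent directly across the switch's protected ports. The following is an added example, not part of the original post: it parses `ip -4 route show` output and applies longest-prefix matching to show which next hop the peer gets before and after the /32 route exists. The 192.0.2.x addresses and both route tables are constructed stand-ins for A.B.C.x, and the model ignores metrics and policy routing.

```python
import ipaddress

# Constructed `ip -4 route show` output; 192.0.2.0/24 (documentation range)
# stands in for the page's A.B.C.x addresses.
BEFORE = """\
default via 192.0.2.129 dev vmbr0 onlink
192.0.2.128/26 dev vmbr0 proto kernel scope link src 192.0.2.159
192.168.1.0/24 dev vmbr1 proto kernel scope link src 192.168.1.1
"""
# Same table once the /32 host route from support's reply is installed.
AFTER = BEFORE + "192.0.2.165 via 192.0.2.129 dev vmbr0\n"


def parse_routes(text):
    """Return (network, gateway or None, device) for each route line."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        dest = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        net = ipaddress.ip_network(dest, strict=False)  # bare IP becomes /32
        gw = tok[tok.index("via") + 1] if "via" in tok else None
        dev = tok[tok.index("dev") + 1] if "dev" in tok else None
        routes.append((net, gw, dev))
    return routes


def next_hop(routes, peer):
    """Pick the most specific matching route (longest-prefix match)."""
    ip = ipaddress.ip_address(peer)
    matches = [r for r in routes if ip in r[0]]
    if not matches:
        return None
    net, gw, dev = max(matches, key=lambda r: r[0].prefixlen)
    return {"route": str(net), "via": gw, "dev": dev, "on_link": gw is None}


def peer_reachable_through_gateway(route_text, peer):
    """True when the peer is routed via a gateway instead of on-link."""
    hop = next_hop(parse_routes(route_text), peer)
    return hop is not None and not hop["on_link"]


if __name__ == "__main__":
    for label, table in (("before", BEFORE), ("after", AFTER)):
        print(label, next_hop(parse_routes(table), "192.0.2.165"))
```

On a live host, `ip route get <OTHER-IP>` reports the kernel's actual decision for the same lookup.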