Okay, I try to explain the situation. There is a physical root server. On that root server (internal IP 192.168.1.66, external 194.x.x.x) runs KVM as virtualization. The virtualizied VM’s inlcude Web-Server, DNS-Server, Mail-Server and so on.
On the root server exists an internal network which has a connection to internet over the firewall on the root server and NAT. vmbr0 includes the external interfaces and the whole external IPs which are natted over vmbr1 with the IP 192.168.1.66. It’s a firewall with two interfaces which is shown here Shorewall Firewall. The firewall/router in the pictures is vmbr0 on my system.
In my case, I can’t shutdown the firewall because it’s needed by the Mail server, DNS, Web server and so on.
But I have rebuild Icinga Master and Icinga client on testing VM’s in the same network 192.168.200.0 where the connection runs.
I will try to find the solution for the right rules.
Best regards
BrotherA