Firewalling for Local KVM Pods

Hi everyone.

I have a local MAAS 2.5.1 installation for development and testing. The host is both region and rack controller, and set up as a KVM pod.

The KVM/MAAS network setup is the typical one, with the default virbr0 left as is and a new one created that MAAS provides DHCP on.

From the syslog, it isn’t obvious what is being blocked by my firewall to cause an issue, but commissioning and deployment only complete when I turn it off. I have the MAAS port open to the bridges.

This is from /var/log/maas/regiond.log:

2019-03-29 06:13:55 maasserver.models.signals.power: [critical] Failed to update power state of machine after state transition.
        Traceback (most recent call last):
          File "/usr/lib/python3/dist-packages/twisted/internet/", line 653, in _runCallbacks
            current.result = callback(current.result, *args, **kw)
          File "/usr/lib/python3/dist-packages/maasserver/models/", line 4210, in cb_power_control
            d = getClientFromIdentifiers(client_idents)
          File "/usr/lib/python3/dist-packages/provisioningserver/utils/", line 161, in wrapper
            return func(*args, **kwargs)
          File "/usr/lib/python3/dist-packages/provisioningserver/utils/", line 102, in wrapper
            return maybeDeferred(func, *args, **kwargs)
        --- <exception caught here> ---
          File "/usr/lib/python3/dist-packages/twisted/internet/", line 150, in maybeDeferred
            result = f(*args, **kw)
          File "/usr/lib/python3/dist-packages/maasserver/rpc/", line 36, in getClientFromIdentifiers
            "available." % ','.join(identifiers))
        provisioningserver.rpc.exceptions.NoConnectionsAvailable: Unable to connect to any rack controller ywwsnq; no connections available.

What needs exposure so the rack controller can be talked to?

I also tried allowing all TCP ingress to the port ranges listed in the documentation:

No success.