Why does Slate AX need extra Firewall config in LuCI for Tailscale, but the Beryl AX doesn't?

It seems everyone who uses a Slate AX as a client router with Tailscale needs to edit their Firewall settings as such:

But on my Beryl AX I just left all these settings at default and it connects via the custom exit node fine. Just wondering why the difference?

Default settings:

My best guess is that the difference in chipset and kernel have something to do with it.

@hansome maybe you know this one?

I tested slate ax tailscale, it also works without extra firewall confi in luci.
What’s the firmware version?
Could you please print the iptables:


And please check if there are subnet conflicts for Slate ax and Beryl ax.

Perhaps it’s only for when the router is being used as an exit node?

Do you use slate ax as an exit node? Are you using firmware 4.4.6 or 4.5?

I’m actually not using the Slate AX, but just noticed from others who have asked for my help in setting theirs up. I believe they were just using it as a client. Firmware probably 4.4.6 because nothing ever works on 4.5 so far.

I suggest upgrading to firmware 4.5, if it still needs extra firewall rule, please export system log.