Can ping subnet machines but not access their services (e.g. port 80) from tailnet

I have a private network; it contains some hosts with port 80 services.
On the I also have a tailscale host which is also a subnet router - has ipv4 forwarding.
Other devices on the tailnet can ping devices on but cannot access said port 80 services.


// Example/default ACLs for unrestricted connections.
{
	// Declare static groups of users beyond those in the identity service.
	"groups": {
		"group:example": ["", ""],
	},

	// Declare convenient hostname aliases to use in place of IP addresses.
	"hosts": {
		"example-host-1": "",
	},

	// Access control lists.
	"acls": [
		{
			"action": "accept",
			"users":  ["*"],
			"ports":  ["*:22", "*:3389", "*:80", "*:443"],
		},
	],
	"ssh": [
		// Allow all users to SSH into their own devices in check mode.
		// Comment this section out if you want to define specific restrictions.
		{
			"action": "check",
			"src":    ["autogroup:members"],
			"dst":    ["autogroup:self"],
			"users":  ["autogroup:nonroot", "root"],
		},
	],
}

Is it possible to have some suggestions to try and troubleshoot? Thanks in advance.


{
	"action": "accept",
	"src": ["autogroup:members"],
	"dst": ["", "", "", ""],
},

Thanks for the suggestion. I think the problem was OS related - the VM has been reinstalled and works now.
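
An added troubleshooting example, not part of the thread above: when ping works but a TCP service does not, how the connect attempt fails narrows down where to look. The function names, the hint wording and the address `192.0.2.10` (a documentation-range placeholder) are assumptions for illustration.

```python
import errno
import socket

# What each outcome says about where the packet stopped (hint wording is illustrative).
HINTS = {
    "open": "handshake completed: path and service are fine for this port",
    "refused": "a RST came back: the SYN reached a host that answered; "
               "check that the service is listening and the host firewall",
    "timeout": "no answer: SYN or SYN-ACK was dropped on the path; check the "
               "policy rule for this port, forwarding on the subnet router, packet filters",
    "unreachable": "no route or an ICMP unreachable was returned; check routing",
}

def probe_tcp(host, port, timeout=3.0):
    """Classify one TCP connect attempt to host:port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except (socket.timeout, TimeoutError):
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        s.close()

def diagnose(host, ports=(80,), timeout=3.0):
    """Probe each port and return {port: (result, hint)}."""
    report = {}
    for port in ports:
        result = probe_tcp(host, port, timeout)
        report[port] = (result, HINTS.get(result, "unexpected socket error"))
    return report

if __name__ == "__main__":
    # Placeholder address: replace with a host behind the subnet router.
    for port, (result, hint) in diagnose("192.0.2.10", (22, 80, 443)).items():
        print(f"{port:>5}  {result:<12} {hint}")
```

Running it once from another tailnet device and once from the subnet router itself shows whether the failure lies before or after the router.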