Client works on except when on AT&T cellular

I’m running 1.8.5 on MacOS.

When I connect from random wi-fi (I was at a hospital), I was able to access my home subnet, so I know that’s configured properly.

However, when I switched to my AT&T phone hotspot, it started using a relay (even though there was a direct connection via an open port at my house), and I lost access to the subnet.

I’m pasting in the status command results (cellular on top, wi-fi on bottom):

Interestingly, this works from my phone directly, but not from my hotspot (even though both work fine with Wireguard directly).

I want to confirm @ytechie 's issue, or something nearly identical to it. I also am an AT&T subscriber for my cellular service.

I have several devices with Tailscale installed, recognize and connected per the Tailscale status page.

One of them is a small ARMv5/Kirkwood linux box, on which I have Lighttpd serving up a dummy static web site.

Using my iphone, which is also running Tailscale, I can browse that dummy static website just fine with (wifi off ) using only cellular + VPN/Tailscale.

So… http access works fine (port 80). But if I try to connect to the same ARMv5 linux box with ssh, I get nowhere.

Is this some messing with NAT just for port 22 that AT&T does?