How to get my Bitcoin node to accept incoming connections on Tailscale

I am routing all traffic through a Tailscale exit node on a VPS. I have connected my Bitcoin node to it and opened port 8333 on the exit node firewall, but I get no incoming connections to my Bitcoin node, only outgoing connections. I must be missing something simple, but I can’t figure out what it is. Can anyone help me out with this?