Route external traffic through Tailscale

I have a set up where I’d like to create something like this:

Internet <-> Server A <--- Tailscale ---> Server B 

Server A has two public IP addresses, and I’d like to route one to Server B.

I’ve setup server B as a subnet router for that public IP, and I can ping Server B from Server A through tailscale properly.

However, if the ping comes from somewhere else, the traffic goes out through the tailscale interface on Server A properly, but never seems to reach the tailscale interface on Server B (or at least tcpdump doesn’t report anything).

I have the default ACLs that, as far as I understand, allow everything.

I can only assume that Tailscale drops the packets for some reason, but I couldn’t find out why exactly?

You have two public IP addresses on server A, IP1 and IP2. The intent is to forward IP2 over to server B, and have server B respond as though it owns IP2?

Server B will need to be configured to have IP2 as one of its IP addresses on one of its interfaces, or it will just drop packets destined for IP2. I’d suspect that is what is happening here.

Thanks for answering, and sorry, it was a bit confusing.

One of the two IP is routed to the server by the ISP, but isn’t assigned on server A. It is however assigned on server B, and pings to that IP succeed if done by any tailscale client.

The issue is with traffic that originates from anything but tailscale clients. The packets go through the tailscale interface on server A, but nothing comes out on the tailscale interface of server B.

Would you please email us at with the Tailscale IPs of your nodes where you are facing this issue and capture the bugreport when you run into the issue?

Also provide us with the "Tailscale ping " and ping , from source to destination where you do not get the response.