Source IP Anchoring

I need to know the Tailscale ip range so I can put an allow list on my firewall. I tried the private ip’s but that makes no sense since it’s a tunnel. I am able to SSH from my server in the cloud to my client on a private network, but not the other way around, likely because the firewall on my cloud server is pinned to specific IP sources

I am getting this error:
HTTP response: 502 Bad Gateway, dial failure: dial tcp 100.x.x.x:22: connect: connection timed out