Alpine and Xen Orchestration community edition client behind Ubuntu server NAT

I have below

ISP → [Wifi router + NAT] → [Wifi router + NAT] → [Ubuntu + NAT] → Alpine and Xen Orchestration VM

Ubuntu + Alpine + XO are all VM and have zerotier installed,

We have one private zerotier network 192.168.194.*
I have laptop connected to the network, always able to ping Ubuntu, but for Alpine and XO, If I leave it idle for a day, on next day I found it I cannot reach them anymore,

but if I goto Alpine and ping my laptop, for abit time it will reply,
and after that I see my laptop can ping to that Alpine,

below is my /etc/ufw/before.rules from Ubuntu server 21.04
##eth1 private lan
##wlan0 ubuntu wireless client

*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o wlan0 -j MASQUERADE
COMMIT

-A FORWARD -i eth1 -o wlan0 -j ACCEPT
-A FORWARD -i wlan0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT

/etc/default/ufw

DEFAULT_FORWARD_POLICY=“ACCEPT”

ufw status verbose

Status: active
Logging: on (low)
Default: allow (incoming), allow (outgoing), allow (routed)
New profiles: skip

Maybe any suggestion or advice? Thanks for the help!

just use this: