diff --git a/sandboxes/nemoclaw/policy.yaml b/sandboxes/nemoclaw/policy.yaml
index 3a1422e..d7ec59b 100644
--- a/sandboxes/nemoclaw/policy.yaml
+++ b/sandboxes/nemoclaw/policy.yaml
@@ -127,3 +127,16 @@ network_policies:
       - { path: /usr/local/bin/claude }
       - { path: /usr/bin/gh }
 
+  # --- Private network access (allowed_ips) ---
+  # Allows any binary to reach services on the k3s cluster pod network
+  # (10.42.0.0/16). Without allowed_ips, the proxy's SSRF check blocks
+  # all connections to private RFC 1918 addresses.
+  cluster_pods:
+    name: cluster-pods
+    endpoints:
+      - port: 8080
+        allowed_ips:
+          - "10.42.0.0/16"
+    binaries:
+      - { path: "/**" }
+
diff --git a/sandboxes/openclaw/policy.yaml b/sandboxes/openclaw/policy.yaml
index 9e2ef78..fc0e225 100644
--- a/sandboxes/openclaw/policy.yaml
+++ b/sandboxes/openclaw/policy.yaml
@@ -126,7 +126,18 @@ network_policies:
       - { path: /usr/local/bin/claude }
       - { path: /usr/bin/gh }
 
-
+  # --- Private network access (allowed_ips) ---
+  # Allows any binary to reach services on the k3s cluster pod network
+  # (10.42.0.0/16). Without allowed_ips, the proxy's SSRF check blocks
+  # all connections to private RFC 1918 addresses.
+  cluster_pods:
+    name: cluster-pods
+    endpoints:
+      - port: 8080
+        allowed_ips:
+          - "10.42.0.0/16"
+    binaries:
+      - { path: "/**" }
 
 inference:
   allowed_routes: