Automatic Host Endpoints break egress gateway

Hello. I have a fresh 2-node cluster (1 master, 1 worker) running Calico Enterprise. I purchased a /27 from my ISP and configured the requisite egress gateways on the worker. With an Alpine Linux pod running on the master, I am able to access the Internet via the worker without issue. The moment I enable automatic HEP generation, connectivity stops (DNS works, but I am unable to ping a host outside the cluster). The moment I disable HEP generation, connectivity is restored. I have not created any policies beyond what Calico installs by default.

Below is my Installation resource:

apiVersion: operator.tigera.io/v1
kind: Installation
metadata:
  name: default
spec:
  calicoNetwork:
    bgp: Enabled
    mtu: 1400
    ipPools:
      - blockSize: 24
        cidr: 10.0.0.0/16
        encapsulation: None
        natOutgoing: Enabled
        nodeSelector: all()

Below is my egress pool resource:

apiVersion: projectcalico.org/v3
kind: IPPool
metadata:
  name: egress-subnet-0
spec:
  cidr: .../27
  blockSize: 32
  nodeSelector: "!all()"
  vxlanMode: Never

I am using the following commands to create and remove the HEPs:

kubectl patch kubecontrollersconfiguration default --patch='{"spec": {"controllers": {"node": {"hostEndpoint": {"autoCreate": "Enabled"}}}}}'
kubectl patch kubecontrollersconfiguration default --patch='{"spec": {"controllers": {"node": {"hostEndpoint": {"autoCreate": "Disabled"}}}}}'

Anyone know what could be going wrong?