back to

> I wonder if adding the client to the NoCat_Inbound chain will be enough?

It doesn't seem to be, and you can see why.

Assume Client A and Client B are associated with Node N.

A and B won't use Node N to talk IP to one another since they're on the same subnet. They'll just ARP for one another and go from there.

Is this a hostAP setting?