I replaced my TP-Link router with a PC running Linux, hostapd, dnsmasq etc.

On the old router, I used to be able to SSH from one AP client to another. On this new router, I can't. They're all inaccessible to each other. How can I recover that feature?

Note #1: I don't have any Windows machines, just Linux and Android, so I assume I don't need Samba to exchange files across machines. I just need SSH. In fact, blocking Windows machines would be a bonus.

Note #2: I am using this firewall script, but I could not SSH across machines even before I installed it. I am just mentioning it because it certainly is blocking something and should probably be taken into consideration for a potential solution to my problem.

Can we assume your devices are being assigned an IP address using DHCP and can access the internet? Are these all wireless devices or are some of them wired? Can the wireless devices ping the new router and ping other wireless devices?

* devices are being assigned an IP address using DHCP - check
* can access the internet - check
* all wireless devices - check
* the wireless devices can ping the new router and ping other wireless devices - check

I've got it all so far. What else do I need?

Are you trying ssh with a hostname or IP address? Are you using ports other than 22?
What happens when you try:

ssh name@IP_address

OK, I have a PC (Linux), a tablet (Android) and a phone (Android).

I just ran an SSH server on the tablet and it all worked. That's something I overlooked. But that's not the way I'm used to. I usually run a file explorer application on the phone and the tablet that can browse network folders. It can use Samba, which I did a long time ago, and it can use SSH. I prefer SSH now and it works on the TP-Link router, but won't work on the home brew router.

Each router assigns different IPs to the PC so I have to have a different configuration depending on which router I am using, but the two configurations are exactly the same except for the IP.

On the home brew router, the application complains:
"failed to connect to 10.40.40.21 (port 220) after 15000ms: isConnnnected failed: ECONNREFUSED (Connection refused)"

Port 220?

Why not?

It is reserved for IMAP, did you specifically configure your SSH daemon to listen on port 220?

Yes, I did. Never had a problem with that. I don't have IMAP. Never have and never will.

Is there some kind of security concern?

Are you attempting root login? An upgrade may have disabled password based root logins.
Re: Port 220. I wouldn't bother changing port on LAN machines. You can always change the port with port forwarding for internet access if you wish.

root login is disabled. At any rate, remember that everything works when I associate all the stuff to the old router.

About port forwarding, I can't do that. I am very network-illiterate. I also don't know how to assign fixed IPs to each client, like I used to do on the TP-Link router.

What application? Which device is the server and which is the client?

What device was the client?

The client application is called X-plore. It's an Android app. The server is regular sshd (openssh) on a Debian Linux box.

That was a quick test. I ran SSH Server on the tablet and connected to it from the Linux PC. That worked.