Devices on two WLANs can ping each other

I have default forwarding set up on two SSIDs on a Groove running in Router Mode. When clients are connected to one network, they cannot ping each other. Once I connect two devices on separate LANs, they are able to ping each other, virtually negating the default forwarding. Am I missing something here?

Default forwarding is something that is done in hardware, and so two devices connected to the same SSID are blocked within hardware when default forwarding is turned off on that wireless interface. Since they are on different routed interfaces, they are going through the CPU to talk to each other. In that case, you need to set up the firewall to prevent communication between routed interfaces as well.
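
One way to write the firewall rule the answer describes, as an added example that is not part of the original thread. The interface names `wlan1` and `wlan2` and the list name `isolated-wlans` are assumptions; substitute the interfaces that carry the two SSIDs.

```routeros
# Assumed names: wlan1 = first SSID, wlan2 = second SSID (e.g. a virtual AP).
# Group the client-facing wireless interfaces so a single rule covers every pair.
/interface list
add name=isolated-wlans comment="client WLANs that must not reach each other"
/interface list member
add list=isolated-wlans interface=wlan1
add list=isolated-wlans interface=wlan2

# Drop anything the router would forward from one listed WLAN to another.
# Using the same list for in and out covers both directions.
# If the forward chain already contains accept rules, move this rule above them,
# because the filter table is evaluated top to bottom.
/ip firewall filter
add chain=forward in-interface-list=isolated-wlans \
    out-interface-list=isolated-wlans action=drop \
    comment="block inter-WLAN routing"

# Check: ping between clients on the two SSIDs, then confirm the packet
# counter on the drop rule is increasing.
/ip firewall filter print stats where comment="block inter-WLAN routing"
```

This rule covers forwarded traffic only; packets addressed to the router's own IP addresses are handled by the input chain.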