Can one computer connected to a wireless access point or router access another computer's web server?

Solution 1:

For example, is the principle this: when a wireless router is used, it creates an isolated LAN?

Yes, sort of, but for different reasons – it's not inherently isolated just because there's a router.

1. Routers don't automatically know all their routes. If you connect two routers together, even though there's no deliberate "isolation", they simply won't know where to send packets to a distant network unless you tell them (by defining a route).

2. Most "wireless routers" are designed specifically to sit between the internet and a LAN, so they additionally have firewalling and NAT to accomodate this. Even with correctly defined routes, the firewall may still block packets in one direction (under the assumption that they come from the internet).

how the subnet mask works with this

It doesn't do much. The subnet mask only informs devices about which addresses should be considered local (i.e. physically on the same layer-2 network and therefore can be accessed without using a router/gateway).

Is it true that if the WAP is a strict WAP, then it'd work, but if the computer running the web server is actually connected to a wireless router (wirelessly), then other devices connected to the other WAP cannot access it? Can it be made to work? For example, what if the wireless router has some Ethernet port, and the other WAP (or wireless router) is plug into that port? (I cannot try them easily as they are set up downstairs and upstairs for now).

Depends on how they're connected. Most "wireless routers" have a built-in switch as well – all 'LAN' Ethernet ports are bridged together (and bridged with the Wi-Fi network), and the router only sits between the 'LAN' bridge and the 'WAN' port.

• If you connect the 2nd router's LAN port to the 1st router's LAN (leaving the WAN port unused), you still have exactly one network. Everything connected to Wi-Fi or Ethernet LAN of both routers will belong to the same subnet, will use the same addressing, and will be able to access each other directly.

  Essentially this turns the 2nd router into just a WAP – packets are bridged through, without routing. Note that if you do this, you must disable a few of the "router" features in the 2nd router (specifically DHCP service and UPnP) so that they don't interfere with the DHCP advertisements from the 1st one.

• If you "chain" or "nest" the two routers (so that the 2nd router's WAN port is connected to the 1st one's LAN ports), then you'll have two separate subnets. Connected this way, devices on the 2nd router could access devices on the 1st one, but – by default – not the other way around.

  To make connections "inwards" work, the outer router (or the individual devices on the outer subnet) needs a route configured towards the inner subnet, specifying the inner router as the 'gateway'. Meanwhile, the inner router needs to have its firewall filtering disabled to allow those connections through (and ideally it should also have NAT disabled, as "double NAT" is somewhat undesirable).

  (This is assuming that the networks of the two routers are numbered differently and do not conflict. If both routers have identically numbered networks, e.g. if both of their LANs are 192.168.1.0/24)

So theoretically, if we have 2 wireless routers, then a computer connected to the WR1 supposedly cannot access any computer or device on WR2? (Both WR1 and WR2 are connected to the same Switch first).

If the switch goes to the routers' "WAN" ports – yes, by default, they cannot. The two routers have distinct "LAN" networks physically (meanwhile the WAN ports and switch exist in a third network), and neither of them knows where to reach the other network.

However, it should be possible to add custom routes on both routers, specifying that the "other LAN" is reachable through the other router. This is very similar to the "nested" situation above, except now it's symmetric.