Okay, after noticing the above pattern, that is, I could ping clients on 192.168.2.0/24 but I couldn't ping 192.168.2.100 or whatever I had the WAP set to, I thought something must be different. Afterall, each device, the client and WAP, both had an IP. Both resided on same network... but what was different?
In short, I think this was the problem. (Excuse my language, it is probably not technically correct or up to the standard of many of the professionals who do this for a living
)
My ping and HTTP requests from 192.168.1.0/24 to the WAP were directed and received. However, the packets were originating from 192.168.1.50; on a different network, so how to send response? The WAP needed a gateway to send reply via, otherwise it would do... not much.
I tested my theory by placing a wireless client on 192.168.2.0 without a DNS or gateway... to emulate the WAP sitting there. I installed firewall software and then did the ping test. Sure enough, the packet is received... but no reply is sent back. As soon as I put in a gateway, 192.168.2.1, connectivity is restored.
But how to put gateway into the converted-WRT router?
First led to this page --
http://www.informatione.gmxhome.de/DDWRT/Standard/V23final/index-2.htmlDD-WRT software which fortunately ran on my router. I tried it and success, it worked. You will see in the above picture it has the option to set the device's IP, as well as DNS and gateway. The Linksys did not have this option, unfortunately.
I searched around to find out more.. eventually I learned of Static routes... and in fact, the above page, where you have the option to enter a gateway, simply created a static route in the route table. After discovering this, I read up and eventually found I can do this with Linksys firmware.
Despite the appearance of numerous more options and advantages of DD-WRT, I decided that if it died, i would be in trouble, so I decided to go back to Linksys Official firmware.
In the end the solution was simple. Create a static route for all data with destination 192.168.1.0/24 to go via 192.168.2.1 gateway. Voila, and now I can talk to the WAP and configure any settings via wired connection, rather than wireless.
And thanks to m0n0wall, filtering in place to deny traffice between WLAN and LAN interfaces, leads to what I believe a fairly secure setup.
Thanks for reading! I sure did learn something. Hope this might help someone in the future.