Hi there,
after getting a wifi module that’s working with hostapd I removed my external wlan-router (attached to green) and enabled the hotspot on blue.
Finally I ran into the similiar problems like the OP and Sébastien.
The solution by Sébastian made it!
I think the different experiences of Jon and others maybe due to their proxy settings?!
After enabling the internal proxy access
BLUE to GREEN and Proxy I could access the webserver of a device - BUT I still wasn’t able to access other services like ssh on the device.
Enabling the source nat finally did it!
Cheers,
Stephan