I cannot IPv4-ping mac from iPad, but can from other machine; all on same subnet

I concur with MrHoffman. My spin on this is given what you’ve described, the fact that your router can ping your Mac but your iPad can’t suggests the problem isn’t a pure layer-3 reachability issue — it’s more likely an endpoint or network isolation rule blocking the traffic between those two devices. Since both are in the same /26 (xx.yy.zz.192–xx.yy.zz.255), there should be no routing in between, so any block is probably happening at the Mac or on the Wi-Fi/AP side.

On the Mac, macOS’s built-in application firewall (System Settings → Network → Firewall) can absolutely drop ICMP echo requests from other LAN clients, especially if “Stealth Mode” is enabled. Stealth Mode explicitly ignores ping requests and certain probes. Even if the firewall is “off” for apps, Stealth Mode might still block you. Also, if your iPad is connected via Wi-Fi but your Mac is wired, some routers or APs run “client isolation” — this prevents wireless clients from talking directly to other clients on the same network, especially wired-to-wireless communication.

I suggest you try the following test:

1. On your Mac, go to System Settings → Network → Firewall and temporarily disable it (and Stealth Mode if enabled).
2. If that doesn’t fix it, check your Wi-Fi access point’s settings for “AP isolation,” “Wireless isolation,” or “Client separation,” and disable it for the SSID your iPad is using.
3. Try testing on the same interface — either plug your iPad into Ethernet via an adapter (or hotspot to the Mac via Wi-Fi) to see if ICMP works. If it works on the same interface, the block is likely at the AP level, not macOS.

If you are familiar with how to read tcpdump output, you can analyze a dump to see if your iPad's pings are actually arriving at the Mac.

1. On the iPad: Settings → Wi-Fi → tap the “i” next to your network → note the IPv4 address. Let’s say it’s `xx.yy.zz.193`.
2. Open Terminal on your Mac and run this command, replacing `xx.yy.zz.193` with your iPad’s IP: sudo tcpdump -n icmp and host xx.yy.zz.193 This will show any ICMP packets (pings) between the Mac and that IP. You’ll be prompted for your admin password.
3. You’ll need an app on the iPad that can ping — something like “Ping” from the App Store. Ping the Mac’s IPv4 address from your iPad while tcpdump is running.
4. Interpret the results: If you see `icmp echo request` lines in tcpdump, your iPad’s pings are reaching the Mac, but the Mac isn’t replying — likely macOS firewall/Stealth Mode blocking it. If you see nothing, the packets aren’t even arriving at your Mac — that points to AP isolation or another network-layer block between wired and wireless.

It is decidedly odd that traceroute is working, and ping is not.

Tried a traceroute from the iPad? (I’m using an app called nice trace for that.)

Any VPNs?

RFC1918 documents the private IP blocks, and RFC6890 documents the test- and documentation-related IP blocks. These blocks are not publicly routable, and are available for uses including documentation and questions.

As for the subnets, my mistake. These are in the same /26 subnet. Clearly, I use /26 approximately never.

What’s the traceroute show?

Any VLANs here?

Your network router or firewall is apparently blocking ICMP traffic between your two subnets in 192.0.2/26 or whatever range you’re using.

For example in 10.10.10/26:

Here assuming this is a public IP address range too, as a /26 would be an odd configuration choice in a private block, particularly given the availability of 10/8, and 172.16/12, per RFC1918 et al. In a private block, /24 would be more typical, and also less likely to entangle IoT and other such potentially-CIDR-confused gear.

You have two /26 subnets, or you’re using addresses outside your /26.