As you've indicated, the "nas3" hostname apparently resolves to addresses for both IPv4 and IPv6. Some of your clients are trying to connect through IPv6 and being blocked, because your hosts.allow file only permits certain IPv4 addresses.
The ssh utility has options to force it to use IPv4 or IPv6. You can force IPv4 on the command line:
ssh -4 config@nas3 -p 1636 ^^--- Force IPv4, or -6 to force IPv6Or you can specify it in your .ssh/config configuration file:
Host nas3 AddressFamily inet # or "inet6" for IPv6Alternately, you could edit your hosts.allow file to permit IPv6 addresses:
An expression of the form '[n:n:n:n:n:n:n:n]/m' is interpreted as a '[net]/prefixlen' pair. An IPv6 host address is matched if 'prefixlen' bits of 'net' is equal to the 'prefixlen' bits of the address. For example, the [net]/prefixlen pattern '[3ffe:505:2:1::]/64' matches every address in the range '3ffe:505:2:1::' through '3ffe:505:2:1:ffff:ffff:ffff:ffff'.
If you don't specify address family, ssh may use either protocol and it may try IPv6 first. I spent some time looking through the ssh source code, but I wasn't able to determine what controls that. It may be controlled by the operating system. Your WIFI hosts may be connecting through IPv4 because their WIFI network interface doesn't have an IPv6 address assigned to it.