OPNsense Forum

Hi all,
I just reinstalled my DEC 750 after changing the broken ssd.
Everything went great. I have a fresh new 25.7.
Once installed I connected to the default lan address (192.168.1.1) and loaded my backup file. everything went well, the router restarted, all my vlans and interfaces are there, my dhcp static mappings as well.
the problem: I connect the cable in my igb1 (lan) and I get a dhcp ip. all great.
the problem is I cannot ping my fw from my lan device or vice versa.
I am pretty stuck. no clue what's happening.

I see nothing in the logs:

tail -f /var/log/filter/latest.log

<134>1 2025-10-16T16:23:49+02:00 firewall.balaci.eu filterlog 82344 - [meta sequenceId="335"] 125,,,056f491d90cabb2432e063d44f2e443a,igb1,match,pass,in,4,0x0,,64,44626,0,none,17,udp,67,172.16.10.70,172.16.10.1,55846,53,47
<134>1 2025-10-16T16:23:57+02:00 firewall.balaci.eu filterlog 82344 - [meta sequenceId="336"] 125,,,056f491d90cabb2432e063d44f2e443a,igb1,match,pass,in,4,0x0,,64,0,0,DF,6,tcp,64,172.16.10.70,76.223.92.165,49670,443,0,SEC,3674017377,,65535,,mss;nop;wscale;nop;nop;TS;sackOK;eol
<134>1 2025-10-16T16:23:58+02:00 firewall.balaci.eu filterlog 82344 - [meta sequenceId="337"] 125,,,056f491d90cabb2432e063d44f2e443a,igb1,match,pass,in,4,0x0,,64,0,0,DF,6,tcp,64,172.16.10.70,13.248.212.111,49672,443,0,SEC,2784660919,,65535,,mss;nop;wscale;nop;nop;TS;sackOK;eol

root@firewall:/ # tail -f /var/log/dhcpd/latest.log
<190>1 2025-10-16T16:19:58+02:00 ****** dhcpd 44049 - [meta sequenceId="99"] Listening on BPF/igb1_vlan10/f4:90:ea:00:9f:4e/172.16.20.0/24
<190>1 2025-10-16T16:19:58+02:00 ****** dhcpd 44049 - [meta sequenceId="100"] Sending on   BPF/igb1_vlan10/f4:90:ea:00:9f:4e/172.16.20.0/24
<190>1 2025-10-16T16:19:58+02:00 ****** dhcpd 44049 - [meta sequenceId="101"] Listening on BPF/igb1/f4:90:ea:00:9f:4e/172.16.10.0/24
<190>1 2025-10-16T16:19:58+02:00 ****** dhcpd 44049 - [meta sequenceId="102"] Sending on   BPF/igb1/f4:90:ea:00:9f:4e/172.16.10.0/24
<190>1 2025-10-16T16:19:58+02:00 ****** dhcpd 44049 - [meta sequenceId="103"] Listening on BPF/igb1_vlan20/f4:90:ea:00:9f:4e/172.16.40.0/24
<190>1 2025-10-16T16:19:58+02:00 ****** dhcpd 44049 - [meta sequenceId="104"] Sending on   BPF/igb1_vlan20/f4:90:ea:00:9f:4e/172.16.40.0/24
<190>1 2025-10-16T16:19:58+02:00 ****** dhcpd 44049 - [meta sequenceId="105"] Listening on BPF/igb1_vlan30/f4:90:ea:00:9f:4e/172.16.30.0/24
<190>1 2025-10-16T16:19:58+02:00 ****** dhcpd 44049 - [meta sequenceId="106"] Sending on   BPF/igb1_vlan30/f4:90:ea:00:9f:4e/172.16.30.0/24
<190>1 2025-10-16T16:19:58+02:00 ****** dhcpd 44049 - [meta sequenceId="107"] Sending on   Socket/fallback/fallback-net
<190>1 2025-10-16T16:19:58+02:00 ****** dhcpd 44049 - [meta sequenceId="108"] Server starting service.
<187>1 2025-10-16T16:25:57+02:00 ****** dhcpd 44049 - [meta sequenceId="1"] Dynamic and static leases present for 172.16.10.70.
<187>1 2025-10-16T16:25:57+02:00 ****** dhcpd 44049 - [meta sequenceId="2"] Remove host declaration s_opt5_34 or remove 172.16.10.70
<187>1 2025-10-16T16:25:57+02:00 ****** dhcpd 44049 - [meta sequenceId="3"] from the dynamic address pool for 172.16.10.0/24
<190>1 2025-10-16T16:25:57+02:00 ****** dhcpd 44049 - [meta sequenceId="4"] DHCPREQUEST for 172.16.10.70 from 00:e0:4c:c2:06:9a via igb1
<190>1 2025-10-16T16:25:57+02:00****** dhcpd 44049 - [meta sequenceId="5"] DHCPACK on 172.16.10.70 to 00:e0:4c:c2:06:9a via igb1


seems to work well. but i have no direct access into the router, no matter what I do.

reverting to the old dhcp server fixed the issue. I suspect KEA firewall rules option is the issue.