Port forwarding broken on one VLAN only

Started by CJ, May 10, 2023, 06:51:04 PM

I have port 123 on all of my network segments being redirected to OPNSense via a NAT Port Forward.  This works on all of them except for one VLAN.  AFAICT, there are no differences in the rules configured for the various segments.

If I do a packet capture, I can see all of the NTP requests being generated, but OPNSense never replies back to any client on this VLAN.  NTP is configured for all interfaces.

The only difference I can find is in the Firewall Live View.  The successful segments all look like this.

   VLAN1   ->   CLIENTIP:123   OPNSENSEIP:123   udp   Redirect NTP to OPNSense
   VLAN1   ->   10.2.90.10:123   NTPSERVER:123   udp   rdr rule

The problem VLAN looks like this.

   VLAN2   <-   CLIENTIP:49761   OPNSENSEIP:123   udp   let out anything from firewall host itself
   VLAN2   ->   CLIENTIP:49761   OPNSENSEIP:123   udp   Redirect NTP to OPNSense
   VLAN2   ->   CLIENTIP:49761   NTPSERVER:123   udp   rdr rule

Weirdly, on LAN there's only this.

   LAN      ->   CLIENTIP:40727   NTPSERVER:123   udp   rdr rule

Any suggestions of what to check next?

Thanks.

Where's my facepalm emoji?  Turns out that the gateway on the VLAN was set differently from all of the others, so when the NTP requests were port forwarded, there was nothing there to listen to them.

Setting the gateway to the correct IP fixed the issue.
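A client-side check for the redirect described in the first post, added here as example code (not from the thread or from OPNsense): run from a host on the affected VLAN, it sends an NTP request to some address other than the firewall and reports whether any reply came back, which is exactly what the packet capture above showed was missing. The target address under `__main__` is a placeholder, and `SAMPLE_REPLY` is a constructed packet used only to exercise the parser offline.

```python
import socket
import struct
import time

NTP_EPOCH_OFFSET = 2208988800  # seconds between 1900-01-01 and 1970-01-01


def build_ntp_request() -> bytes:
    """48-byte NTPv4 client request: LI=0, VN=4, Mode=3 (client), all else zero."""
    first_byte = (0 << 6) | (4 << 3) | 3
    return struct.pack("!B", first_byte) + b"\x00" * 47


def parse_ntp_response(data: bytes) -> dict:
    """Decode the fields a redirect check cares about from a 48-byte NTP reply."""
    if len(data) < 48:
        raise ValueError(f"short NTP packet: {len(data)} bytes")
    first, stratum = data[0], data[1]
    tx_secs, tx_frac = struct.unpack("!II", data[40:48])  # transmit timestamp
    return {
        "version": (first >> 3) & 0x07,
        "mode": first & 0x07,          # 4 = server reply
        "stratum": stratum,            # 0 = kiss-o'-death, 1-15 = usable
        "tx_time": tx_secs - NTP_EPOCH_OFFSET + tx_frac / 2**32,  # Unix seconds
    }


def probe_redirect(target_ip: str, timeout: float = 2.0) -> dict:
    """Send one NTP request to target_ip and report whether a reply arrived.
    With a working rdr rule the firewall answers on the client's behalf; the
    reply is un-NATed on the way back, so its source should still read target_ip."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        sent = time.time()
        s.sendto(build_ntp_request(), (target_ip, 123))
        try:
            data, (src_ip, _src_port) = s.recvfrom(512)
        except socket.timeout:
            return {"replied": False, "target": target_ip}
    result = parse_ntp_response(data)
    result.update({"replied": True, "target": target_ip, "reply_from": src_ip,
                   "source_rewritten": src_ip != target_ip,
                   "rtt_ms": round((time.time() - sent) * 1000, 1)})
    return result


# Constructed sample reply (not a capture): NTPv4, mode 4, stratum 2, tx = 1683744664 Unix.
SAMPLE_REPLY = bytes([(4 << 3) | 4, 2]) + b"\x00" * 38 + struct.pack(
    "!II", 1683744664 + NTP_EPOCH_OFFSET, 0)

if __name__ == "__main__":
    print(probe_redirect("192.0.2.10"))  # placeholder upstream address, not the firewall
```

A `replied: False` result while the firewall's packet capture shows the request arriving points at the reply path (routing or gateway), not at the redirect rule itself.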