Specific Websites not reachable after Upgrade to 25.7.10

Started by mike175de, Today at 02:09:44 PM

I use OPNsense behind a Fritzbox as exposed host. The OPNsense box has the internal IP 192.168.178.10. After upgrading to the latest version of OPNsense, 25.7.10-amd64, some websites could not be reached anymore. The live log shows e.g. for the IP 167.86.81.230 (DNS resolution is working):

WAN | incoming | 2025-12-19T13:09:03 | TCP | 167.86.81.230:54874 | 192.168.178.10:443 | rdr | rdr rule

LAN | outgoing | 2025-12-19T13:08:58 | TCP | 192.168.2.4:52140 | 167.86.81.230:143 | pass | Route LAN and WLAN to WAN

rdr rule0 in detail:

__timestamp__ 2025-12-19T13:09:03
ack
action [rdr]
anchorname
datalen 0
dir [in]
dst 192.168.178.10
dsthostname 192.168.178.10
dstport 443
ecn
id 18564
interface igc0
ipflags DF
ipversion 4
label rdr rule
length 60
offset 0
protoname tcp
protonum 6
reason match
rid
rulenr 7
seq 1770303001
src 167.86.81.230
srchostname virmai.de
srcport 54874
status 1
subrulenr
tcpflags S
tcpopts
tos 0x0
ttl 54
urp 64240

Route LAN and WLAN to WAN in detail:

__timestamp__ 2025-12-19T13:08:58
ack
action [pass]
anchorname
datalen 0
dir [in]
dst 167.86.81.230
dsthostname virmai.de
dstport 143
ecn
id 39268
interface igc1
ipflags DF
ipversion 4
label Route LAN and WLAN to WAN
length 60
offset 0
protoname tcp
protonum 6
reason match
rid 1f833f8711799f3295b251e2b7f9b26d
rulenr 86
seq 3323021251
src 192.168.2.4
srchostname
srcport 52140
status 0
subrulenr
tcpflags S
tcpopts
tos 0x0
ttl 64
urp 64240

It seems that OPNsense doesn't redirect to the right internal IP address? But why only specific websites/external IP addresses?

Any help is appreciated. If more information is needed, please let me know.

Greets, mike175de

I tried to solve the problem with AI (not a fan of AI, but...). The AI says it is the automatic rule that blocks and causes Permission denied in traceroute:
block drop in log on ! igc0 inet from 192.168.178.0/24 to any
Maybe that helps?

I am stuck...