Bug #12270
closed
Unidirectional connectivity with DHCP-assigned interface
Description
[I did discuss this in the forum, and I am aware it sounds unlikely, but I haven't found a solution so far. It does look like a bug. 'Works for me': I believe so. But here it doesn't, and I would like to get to the bottom of it.]
It is impossible to connect to the pfSense box from a DHCP-assigned client (pfSense 2.5.2 out of the box).
3 interfaces: WAN, dhcp4 client. 2x LAN, as DHCP servers.
LAN1: 192.168.1.200/24, DHCP range 192.168.1.101-199
LAN2: 192.168.2.1/24, DHCP range 192.168.2.101-199
A client on LAN2 obtains a proper dhcp4 address (release-renew) of 192.168.2.101. Checks.
netstat -rn, among others, says 0.0.0.0 192.168.2.1. Checks.
DHCP gives out proper address, nameserver, gateway. Link is up: gateway can ping client. BUT: client cannot connect to gateway.
However, ping 192.168.2.1 from that client fails. nmap -Pn says 192.168.2.1 is up, but all ports are closed.
ping from 192.168.2.1 to that client works.
Firewall rules: only automatic, basic:
WAN 127.0.0.0/8 ::1/128 192.168.1.0/24 192.168.2.0/24 * * * WAN address * Auto created rule
IPv4 LAN net * * * * none Default allow LAN to any rule
What I have done so far:
Fresh install
Other, similar machine
Changing interface hardware (NIC)