Good Evening.
LAN1 -> LINUX_ROUTER -> LAN2
Response:
LAN2 -> CORE-ROUTER(with LINUX_ROUTER as default Gateway) -> LINUX_ROUTER | BLOCKED | LAN1
This may be the case as the CORE-ROUTER was not part of the network in good ol' slacky times.
Do you have all your routes defined on all machines and routers? Lastly, does the machine in question have its routes defined on it ("route 10.x.x.x/x")?
I have defined a route to LAN2 over a gateway in LAN1 (same network segment), and all machines in LAN2 have the CORE-ROUTER defined as default gw, which itself has the LINUX_ROUTER as its route of last resort.
The only other thing you can do is start from scratch. Save all your rules and add them one at a time. If you can't take it off the network, reduce the rules to a bare minimum. Are the switches configured correctly?
I wonder if netfilter just drops a packet if its response comes from a different MAC address.
Best Regards Marcus
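As an added illustration for the question above (this is a constructed model written for this page, not part of the thread and not kernel code), the script below shows what a stateful Linux router actually keys on: conntrack matches the reply on its IP/port tuple no matter which MAC it arrived from, while strict rp_filter and a default-deny FORWARD chain are the two checks that do drop replies in an asymmetric setup. The addresses, interface names and MAC addresses are assumptions.

```python
"""Constructed model of how a stateful Linux router (netfilter conntrack +
rp_filter) treats a reply that comes back through a different next hop.
Illustration written for this page, not kernel code; the addresses,
interface names and MACs are assumptions."""
import ipaddress
from dataclasses import dataclass

# Assumed topology: LAN1 on eth0, LAN2 on eth1, both directly connected.
LAN1 = ipaddress.ip_network("10.1.0.0/24")
LAN2 = ipaddress.ip_network("10.2.0.0/24")
ROUTES = {LAN1: "eth0", LAN2: "eth1"}


@dataclass(frozen=True)
class Packet:
    iface: str     # interface the packet arrived on
    src_mac: str   # Ethernet source: the previous hop, not necessarily the IP source
    src: str
    sport: int
    dst: str
    dport: int


def flow_tuple(p: Packet) -> tuple:
    # conntrack keys on IP/port only; the MAC address is not part of the key
    return (p.src, p.sport, p.dst, p.dport)


def reverse(t: tuple) -> tuple:
    return (t[2], t[3], t[0], t[1])


def egress_for(ip: str):
    addr = ipaddress.ip_address(ip)
    for net, dev in ROUTES.items():
        if addr in net:
            return dev
    return None


def rp_filter_ok(p: Packet) -> bool:
    """Strict reverse-path check (rp_filter=1): the interface the packet came
    in on must be the one the router would use to reach the packet's source."""
    return egress_for(p.src) == p.iface


class Router:
    def __init__(self):
        self.conntrack = set()  # original-direction flow tuples seen so far

    def state(self, p: Packet) -> str:
        t = flow_tuple(p)
        if t in self.conntrack or reverse(t) in self.conntrack:
            return "ESTABLISHED"
        return "NEW"

    def forward(self, p: Packet) -> str:
        """FORWARD chain: allow ESTABLISHED, allow NEW only LAN1 -> LAN2."""
        if not rp_filter_ok(p):
            return "DROP(rp_filter)"
        if self.state(p) == "ESTABLISHED":
            return "ACCEPT"
        if p.iface == "eth0" and ipaddress.ip_address(p.dst) in LAN2:
            self.conntrack.add(flow_tuple(p))
            return "ACCEPT"
        return "DROP(policy)"


def scenario_reply_via_core_router():
    """Reply comes back host -> CORE-ROUTER -> LINUX_ROUTER: same interface,
    different source MAC. Conntrack still matches, so it is accepted."""
    r = Router()
    syn = Packet("eth0", "02:00:00:00:01:0a", "10.1.0.10", 40000, "10.2.0.20", 22)
    reply = Packet("eth1", "02:00:00:00:02:fe", "10.2.0.20", 22, "10.1.0.10", 40000)
    return r.forward(syn), r.forward(reply)


def scenario_unseen_forward_leg():
    """The router never saw the outbound SYN (it took another path), so the
    reply is NEW from LAN2 and hits the default drop."""
    r = Router()
    reply = Packet("eth1", "02:00:00:00:02:fe", "10.2.0.20", 22, "10.1.0.10", 40000)
    return r.forward(reply)


def scenario_reply_on_wrong_interface():
    """A LAN2-sourced reply handed to the router on the LAN1 side fails
    strict rp_filter before any rule is consulted."""
    r = Router()
    syn = Packet("eth0", "02:00:00:00:01:0a", "10.1.0.10", 40000, "10.2.0.20", 22)
    r.forward(syn)
    reply = Packet("eth0", "02:00:00:00:02:fe", "10.2.0.20", 22, "10.1.0.10", 40000)
    return r.forward(reply)


if __name__ == "__main__":
    print(scenario_reply_via_core_router())
    print(scenario_unseen_forward_leg())
    print(scenario_reply_on_wrong_interface())
```

On the real LINUX_ROUTER the same three questions can be answered directly: `conntrack -L` (or /proc/net/nf_conntrack) shows whether the outbound leg was ever recorded, `tcpdump -e -i eth1` shows which MAC the reply arrives from and on which interface, and `sysctl net.ipv4.conf.all.rp_filter` together with the per-interface value tells you whether strict reverse-path filtering is in play. A `-j LOG` rule at the end of FORWARD makes the policy drop visible.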