Connecting to WAN inside same LAN
-
This is my Setup:
INTERNET
|
PF SENSE
|
|
–--------------------
| |
Workstation ServerWhen I connect to my server from my workstation using the server's WAN IP the connection is only about 2mb/s. But when I connect from my workstation to the server with the LAN IP the connection is reaching 10mb/s.
So somehow I guess pfSense is filtering all the traffic or something when I try to connect thru the WAN IP. Although my internet connection is just 0,7mb/s, so it's not like it's passing it through there.. Is there a setting or something for this?
-
just an initial reaction, without much thought, how old is your pfsense router. It looks like you have terrible throuput.
If you can get 10mbps on the LAN then the server must be configured inproperly to begin with, unless you run it on a 10mbps switch.
What kind of traffic is this, ssh?
-
just an initial reaction, without much thought, how old is your pfsense router. It looks like you have terrible throuput.
If you can get 10mbps on the LAN then the server must be configured inproperly to begin with, unless you run it on a 10mbps switch.
What kind of traffic is this, ssh?
It's a x86 Pentium 800mhz with 2 Intel Gigabit networkscard. The switch is also a gigabit..
I would guess it's a setting rather then an performance issue. And is this actually affecting the thoughput of my ppSense? When I look at the traffic graph I don't see any traffic when copying within the LAN (with the WAN IP)
The traffic I tried with is AFP (Apple Filing Protocol) on it's default port 548.
-
When you use the WAN IP, your client will send all traffic to pfSense, which then NATs it back onto the LAN interface and out to the server. This is expected behaviour, and there's nothing you can do about it that isn't a giant hack.
If you really need to use NAT reflection like this and can't just use the LAN IP, either live with it or upgrade your hardware so it can handle the traffic. Though I'd expect your machine to handle more traffic than that, just use the LAN IP on the LAN…
-
When you use the WAN IP, your client will send all traffic to pfSense, which then NATs it back onto the LAN interface and out to the server. This is expected behaviour, and there's nothing you can do about it that isn't a giant hack.
If you really need to use NAT reflection like this and can't just use the LAN IP, either live with it or upgrade your hardware so it can handle the traffic. Though I'd expect your machine to handle more traffic than that, just use the LAN IP on the LAN…
OK, thanks!
And there's no such settings like that pfSense is filtering all traffic inside the same LAN that I can turn off or something?
-
No. This is the way IP works; machines on a LAN can only talk directly to other hosts on the same subnet. If they need to talk to a machine on a different network, they need to send their traffic to a router to be delivered. Since your WAN IP address is not on the LAN subnet, your LAN clients have to send all their traffic destined for it to pfSense, which then rewrites it and sends it back out onto the LAN with the new LAN destination IP after the NAT rule is applied. You might be able to 'cheat' with static routes on the client machines, but it's rather a hack.
You can turn off NAT reflection altogether, in which case traffic for your WAN IP from inside the LAN will just be dropped, but I take it that's not what you're looking for ;).
Why can't you just use the LAN IP?
-
Or access the internal server via a name?
You could then do split DNS for the internal server. (And thus access it with it's internal IP directly)