Slow static IP routing

RonRN18

I had to rebuild my pfSense from scratch about a month ago due to a catastrophic failure of unknown etiology. I thought I set things up the same as before, but I've also done a few new things in the process... so I've likely either overlooked something obvious that I can't figure out or maybe it is just due to something new. Whichever it is, I'm needing some pointers to correct my issue.

Starting off with, I have several web servers set-up on virtual machines in my house, many intentionally only reachable inside my network, some routed via ports, and some are routed from static WAN IP addresses to internal servers. It seems as if my issue revolves around static IP assisgnments. Any time I try to reach a device from outside my network via it's static IP address, it is VERY slow and often times out.

In setting up the static IPs, I have gone into Firewall>Virtual IPs and I've set each static IP. I think I set them properly, but I may have screwed up on the CIDR. As an example, if one of my static IPs was 123.123.123.123 (that is obviously a fictitious IP but I'm using it as an example). I set a virtual IP as 123.123.123.123 and a subnet mask of /32. In my example, I have a domain of example.com (again, this is fictitious) I've named my Virtual IP "example.com." I then set in Firewall>NAT rules for Destination of example.com to send HTTP and HTTPS traffic to 172.16.10.100 (fictitious LAN address of web server for example.com). Now, on Cloudflare, my domain manager, I have setup an A rule for example.com to 123.123.123.123 with CNAME of www to @.

Now, in my scenario, if I am on a device inside my LAN, if I go to 172.16.10.100, the web page is blazing fast and I have no issues whatsoever. If I connect outside my network by trying to go to example.com, it takes forever. Sometimes, it brings up the site, sometimes, it brings up only the text of the site but no graphics, and other times, I just get a 522 (timeout) error. Originally, I thought the problem was with Cloudflare, but I then tried going to 123.123.123.123 and I get the same behavior. This makes me believe that my issue is with a setting in pfSense.

Does someone see a glaring issue with my setup? Again, obviously, I've used fictitious IP and domains, but other that that, any errors?

johnpoz

@RonRN18 said in Slow static IP routing:

If I connect outside my network by trying to go to example.com

When you say connect outside - you mean your actually outside your network.. Or your just on this 172.x network trying to hit the public IP? Which would be a nat reflection - and sure could be problematic..

RonRN18

@johnpoz said in Slow static IP routing:

@RonRN18 said in Slow static IP routing:

If I connect outside my network by trying to go to example.com

When you say connect outside - you mean your actually outside your network.. Or your just on this 172.x network trying to hit the public IP? Which would be a nat reflection - and sure could be problematic..

When I say "connect outside my network", I'm referring to connecting to a network outside of my internal network, for example, I will tether my laptop to my cellphone, obtaining my network access from a cellular source as opposed to the ISP providing my home's Internet access.

johnpoz

I would prob look to doing a packet capture of the traffic to see where your having a problem as a good place to start.