Netgate Discussion Forum

    Slow speeds when visiting some websites hosted on my network

    Routing and Multi WAN
    • adampoconnor

      Background:

      I am running CE 2.7.2 on a Minisforum MS-01.

      I have the following networks: LAN, VLAN10, VLAN20, VLAN30, VLAN40, VLAN50, VLAN60

      For the purposes of what I am experiencing, LAN, VLAN10, and VLAN40 are pertinent.

      I also have dual-WAN, with interface WAN being connected to a Comcast Business Gateway with 5 static IPs. WAN is set to static with the first IP in the block as the interface IP. The Gateway IP is set appropriately based on what Comcast gave me. The other 4 IPs are set up as IP Aliases. WAN2 is DHCP, also a Comcast Business account.

      On VLAN 10, I have an Nginx Proxy Manager instance running, and a Rocky Linux VM running Nginx as the web server. The Nginx Proxy Manager -> Nginx Web Server connection is working as intended.

      On VLAN 40, I have yet another Nginx Proxy Manager instance running (separate machine) and that is helping reverse proxy to a home assistant instance I have running.

      The flow of accessing the websites is Client -> Cloudflare -> NPM -> Web Server

      In NAT, I have port forwarded ports 80 and 443 for my 5th static IP to the NPM server on VLAN40, and I have once again port forwarded 80 and 443 to the other NPM server for my first static IP. So, let's say that my static IP block was 1.2.3.4 through 1.2.3.8. This would mean that 1.2.3.8 has ports 80 and 443 forwarded to 192.168.40.2 and 1.2.3.4 has ports 80 and 443 forwarded to 192.168.10.2.

      Additionally, in System -> Advanced -> Firewall & NAT I have set reflection to NAT + Proxy, as a troubleshooting step that I found in another post online for a similar issue.

      Now, to the actual problem.

      If I navigate to the domain that hits the 5th static IP and thus the port forward for 443/80 to 192.168.40.2, everything loads very quickly and as expected when connecting either internally or externally.

      If I navigate to the domain that hits the first static IP and thus the port forward for 443/80 to 192.168.10.2, it loads quickly when NOT accessing from the internal network, but it's horribly slow to load the page when accessing from any VLAN on the internal network, even VLAN 10. This almost feels like a DNS issue to me, but running nslookup gives an immediate response to the correct IP address, and it's not an issue that goes away on subsequent page loads, so that's why I feel it necessary to put it in Routing.

      What's really taking me for a ride is the fact the issue is present when accessing a site that's hosted on one VLAN versus another. I don't have any firewall rules blocking on VLAN 10 since the site does eventually load, even if it takes forever. VLAN 40 has been snappy right from the get-go.

      Thanks in advance for any help someone can provide.

      • adampoconnor

        I should add, if I add an entry into my computer's hosts file to directly resolve to the internal IP of the NPM server, the loading is very fast, so it's not an issue with the Nginx server or the NPM in front of it. This makes me think that maybe the solution is to put manual entries into PF's resolver, but it still bothers me that it would only happen on one set of sites. Also, I am trying to keep VLAN 10 completely isolated from the rest of the VLANs, so having to resolve to it goes against what I'm trying to accomplish.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.