Squid as reverse proxy, LAN clients sluggish [closed]
I've recently configured squid as a reverse proxy. It solves a problem for us…
We have 3 'web' services running on one server, all on different ports. I need them accessible by subdomain, and ideally transparent to the users. We only have one external static IP.
So, I have:
Name pfSense Listens (squid) Pfsense fowards to port wiki.domain.com WAN: 80 / 443 -> 192.168.1.102:8444 jira.domain.com WAN: 80 / 443 -> 192.168.1.102:8443 svn.domain.com WAN: 80 / 443 -> 192.168.1.102:443
The problem I am having, is that when LAN clients on the 192.168.1.x network access the service by external FQDN, the web services run slowly, at a speed I would expect to get over remote internet. Our WAN is pretty poor, so the speed drops even more as the WAN interface is saturated.
If a LAN client connects to say "https://192.168.1.102:8444", I get lightning fast LAN speed as expected.
So, unless the URI parsing in squid is really slow (which I very much doubt), I'm essentially forcing all traffic over the WAN by making LAN clients use the FQDN for access.
Is there a way to have pfsense recognize that the source of the packets are on the same LAN and bypass the external link? I feel like the traffic never should leave the WAN interface, so I'm not sure why it is so much slower anyway.
Thanks for any advice anyone can provide… I'm a bit of a newb here.
So, I guess it is worth mentioning that the LAN clients really can't access the server by host name locally as a limitation of the software they are connecting to. It expects all clients on the 'base url', which I have to configure as the external fqdn. I've yet to think of a way that I can have the services both internally and externally accessible at the same time, which is a problem other users have found. This is not a pfsense issue.
I think this one is unsolvable for what I need… at first I was hoping it would be as simple as some firewall rules, but I don't think it will work out.
Thanks anyway to those who gave it a look.