Netgate Discussion Forum

    Squid as reverse proxy, LAN clients sluggish [closed]

      Tired2

      Hi,

      I've recently configured squid as a reverse proxy.  It solves a problem for us…

      We have 3 'web' services running on one server, all on different ports.  I need them accessible by subdomain, and ideally transparent to the users.  We only have one external static IP.

      So, I have:

      Name                    pfSense listens (squid)    pfSense forwards to port

      wiki.domain.com             WAN: 80 / 443     ->   192.168.1.102:8444
      jira.domain.com             WAN: 80 / 443     ->   192.168.1.102:8443
      svn.domain.com              WAN: 80 / 443     ->   192.168.1.102:443

      The problem I am having is that when LAN clients on the 192.168.1.x network access the service by external FQDN, the web services run slowly, at a speed I would expect to get over remote internet.  Our WAN is pretty poor, so the speed drops even more as the WAN interface is saturated.

      If a LAN client connects to say "https://192.168.1.102:8444", I get lightning fast LAN speed as expected.

      So, unless the URI parsing in squid is really slow (which I very much doubt), I'm essentially forcing all traffic over the WAN by making LAN clients use the FQDN for access.

      Is there a way to have pfSense recognize that the source of the packets is on the same LAN and bypass the external link?  I feel like the traffic never should leave the WAN interface, so I'm not sure why it is so much slower anyway.

      Thanks for any advice anyone can provide… I'm a bit of a newb here.

        Tired2

        So, I guess it is worth mentioning that the LAN clients really can't access the server by host name locally as a limitation of the software they are connecting to.  It expects all clients on the 'base url', which I have to configure as the external FQDN.  I've yet to think of a way that I can have the services both internally and externally accessible at the same time, which is a problem other users have found.  This is not a pfSense issue.

        I think this one is unsolvable for what I need… at first I was hoping it would be as simple as some firewall rules, but I don't think it will work out.

        Thanks anyway to those who gave it a look.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.