Why You Need a XenServer at Home
I recently spent a few days configuring and tweaking a new router at home, and I decided to take a different approach this time. Previously I had an old Linksys WRT54GL router running the Tomato firmware. Tomato is great – I highly recommend it – but the limited memory and storage of the router hardware made it impossible to provide any services beyond the basics of home routing. Everything worked, but expansion options were extremely limited.
My goal for the new router was to put a transparent proxy in place, as described in one of my previous articles about monitoring your kids’ activity online. I had previously put a transparent proxy in place using a tiny PC with multiple network ports like this one. But after a couple years the device stopped working and I lost all of my customized setup. So I had put the old Tomato router back in place. Now, with Stinkbrain Jr getting old enough to look at porn and download virus-laden files, I decided it was time to bring back the proxy.
I considered buying a new box, but the frustration of losing all the time I spent configuring the old one was holding me back. So I decided to set up a home XenServer instead and run the router as a virtual machine. That way I could back up the entire system periodically in case of hardware failure, and take a snapshot before tweaking the running system in case anything went wrong. I’ve found that when the home router stops working, wife and kids will appear within a few minutes to tell you about it.
Working with routers can be tricky. Until you get their networks configured properly you might be locked out of them at any time. With custom firmware on a cheap consumer router that might mean you’ll have to reflash the bios and start over. With a dedicated PC you’ll be dragging over a keyboard and monitor to get things working again. With XenServer you can leave yourself easy access to the server terminal from anywhere on your home network.
I set up a XenServer with 3 network ports. The first port acts as the management interface you use to connect to XenCenter to manage the server remotely. The other two serve as the WAN and LAN interfaces on your router.
Here’s an outline of the basic process:
- Set up a home XenServer with 3 NICs. You’ll also need an install ISO for CentOS. You can install from a physical CDROM drive on the XenServer or set up a SMB share and map it as an ISO source in XenServer
- Create a virtual machine called “router” with your WAN and LAN NICs attached
- Install a minimal CentOS 6 or 7 on the new VM
- CentOS 6 uses iptables for routing while CentOS 7 uses firewalld. I was unable to get firewalld NAT routing on Centos 7 to work, so I disabled firewalld and enabled iptables. Then I used these instructions to set up NAT routing.
- Set up home DNS and DHCP services using dnsmasq
- Install squid caching software
- Configure the transparent proxy
- Install and configure squidanalyzer to generate reports to show traffic through the proxy