Network Architecture · Workhorse Tech Stack
This section describes the data path of the NetAccel Wi-Fi + Bridge Edition in typical home or office environments. The goal is to give network administrators and engineers an immediate, clear view of how traffic flows internally and what role each component plays.
1. Physical & Layer-2 Structure: Unified Bridge br0
NetAccel uses a unified bridge:
br0 = eth0 + wlan-ap0eth0: Uplink to the LAN port of your home router or ONT (optical network terminal), obtaining an upstream DHCP address.wlan-ap0: Wi-Fi access point interface provided byhostapd, with an SSID likeNetAccel-XXXX.br0: Presented externally as a single bridged interface that carries all client IP traffic on the local network.
NetAccel does not replace your existing router. Instead, it acts as a “clean, transparent bridge node” inserted into your LAN topology.
2. DNS & Routing Workflow Overview
The current version uses the following DNS pipeline:
dnsmasq: Listens on127.0.0.1:5353, handling DHCP and local DNS resolution.- Pi-hole: Retained only for its Web UI and blocklist management; core FTL DNS functionality is disabled.
- Unbound: Recursive resolver listening on
127.0.0.1:5335. - Clash: Handles policy-based routing and transparent proxying; its DNS listener runs on
127.0.0.1:7874.
In summary, client DNS requests are ultimately routed through Unbound and Clash, with Clash deciding whether to connect directly or via a proxy based on configured rules.
2.1 Core Workhorse Data Path (Mermaid)
The diagram below illustrates NetAccel’s core workflow using Mermaid syntax:
flowchart LR
subgraph LAN["Local Clients"]
A[Phones / Computers
Client Devices]
end
A -->|IP & DNS via DHCP| B[br0
(eth0 + wlan-ap0)]
subgraph NETACCEL["NetAccel Device"]
B --> C[dnsmasq :5353
DHCP + Local DNS]
C --> D[Pi-hole (Web UI + Blocklists)]
D --> E[Unbound :5335
Recursive DNS]
E --> F[Clash DNS :7874
Policy Engine]
B --> G[Clash TProxy / Redir
TCP/UDP Traffic]
end
F -->|Based on Rules| H[[Direct / Proxy]]
G --> H
H --> I[(Upstream Router / ONT)]
I --> J[(Internet)]
In real-world deployments, Clash’s rule sets (e.g., direct domains, proxied domains, GeoIP policies) can be customized per country or use case.
3. Bridge Monitor and Beacon / Liaison
NetAccel includes a built-in daemon script, netaccel-bridge-monitor.sh, responsible for:
- Monitoring IP/subnet changes on
br0 - Automatically updating the DHCP range and gateway in
dnsmasqconfiguration - Updating Clash
IP-CIDRrules related to the local subnet - Generating and sending a Beacon to Liaison / Rendezvous servers
The Liaison server receives heartbeat messages (UDP port 34448) and displays device status via an HTTPS dashboard, including: last report time, current subnet, unique device ID, and more.
3.1 Beacon / Liaison Data Flow (Mermaid)
sequenceDiagram
participant Dev as NetAccel Device
participant Mon as Bridge Monitor
netaccel-bridge-monitor.sh
participant Lia as Liaison Server (device.netaccel.top)
participant Dash as Dashboard
Dev->>Mon: Detects br0 IP/Subnet Change
Mon->>Mon: Updates dnsmasq / Clash Config
Mon->>Lia: Sends UDP Beacon (Port 34448)
Containing Unique ID + Subnet + Timestamp
Lia->>Dash: Refreshes Latest Status Record
Dash->>User: Shows "Online / Offline / Last Heartbeat" in Web Dashboard
The current OTP field is fixed to the value 2458 as a simplified validation placeholder.
True device uniqueness is guaranteed by the early-boot netaccel-unique-id service and encrypted container mechanisms.
4. Future Extension Points
Based on this architecture, future enhancements can be added without altering the core principles of “bridging + private DNS + policy-based routing,” such as:
- Integration with Chairside Photo Capture nodes to optimize large-file transfer paths.
- Providing a stable, observable network environment for Liaison AI-in-a-Box deployments.
- In educational settings, enforcing uniform proxy/split-tunnel policies to filter out distractions for students.
For deployers, understanding this Workhorse Tech stack provides full confidence in predicting and managing NetAccel’s behavior.