Table of Contents
KeexyBox - Network topologies and features
Depending on the needs, KeexyBox can be implemented in several ways on your home network. We present in this article all possible network topologies to help you understand how KeexyBox works and what it can bring you to improve your browsing on the Internet.
Without KeexyBox
This topology is typically the one you have in most of home networks for Internet access when you are not using KeexyBox.
You have on one side all the devices on your home network that can communicate with your Internet router, and on the other side the router that can communicate with the Internet. The trafic from your devices pass through the router to access the Internet.
Your router acts as the default Internet gateway and generally provides DHCP and DNS services.
With this topology you do not have by default the Internet filtering and you do not have the possibility of anonymizing your Internet browsing.
Use KeexyBox for website filtering and anonymity
This is the recommended topology because it allows to use all the features of KeexyBox.
KeexyBox split your home network into two parts. One part called the input network and the other called the output network.
The input network is a new network created by KeexyBox. All your devices such as PCs, tablets, smartphones, TVs, IP cameras, voice assistants, etc. will now be located in this network.
The output network is the network you used for your devices before installing KeexyBox. This network will only be used by KeexyBox to communicate with your Internet router which route traffic to the Internet.
Keexybox acts for your devices as the default Internet gateway and provides DHCP and DNS services.
Available features for this topology:
| Feature | Available | Comment | |
|---|---|---|---|
| Parental control | Per user or device Internet access times | ✓ | |
| Per user or device Domains/Websites filtering | ✓ | Blacklist must be feed first | |
| Per user or device Safe search for Google, Bing, Youtube | ✓ | ||
| Per user or device pause/resume Internet connection | ✓ | ||
| Blocking of ads and telemetry | Per user or device Domains/Websites filtering | ✓ | Blacklist must be feed first |
| Anonymous browsing | Per user or device Internet over Tor network | ✓ | |
| Per user or device DNS queries over Tor network | ✓ | ||
| Networking | Gateway | ✓ | |
| Per user or device Firewall rules | ✓ | For outgoing traffic only | |
| DNS | ✓ | ||
| DHCP | ✓ | ||
| Statistics | Per user or device Logging | ✓ | |
| Per user or device Charts | ✓ |
Use KeexyBox for website filtering only
This network topology allows you websites filtering but does not allows you to connect to the Internet through the Tor anonymity network.
The input network described above will not be used.
Your devices will remain in the existing home network (output network).
Keexybox provides only DHCP and DNS services.
Available features for this topology:
| Feature | Available | Comment | |
|---|---|---|---|
| Parental control | Per user or device Internet access times | ✓ | only DNS queries will be blocked outside access times |
| Per user or device Domains/Websites filtering | ✓ | Blacklist must be feed first | |
| Per user or device Safe search for Google, Bing, Youtube | ✓ | ||
| Per user or device pause/resume Internet connection | ✓ | Pause/resume only DNS queries | |
| Blocking of ads and telemetry | Per user or device domains/Websites filtering | ✓ | Blacklist must be feed first |
| Anonymous browsing | Per user or device Internet over Tor network | ||
| Per user or device DNS queries over Tor network | ✓ | ||
| Networking | Gateway | ||
| Per user or device Firewall rules | For outgoing traffic only | ||
| DNS | ✓ | ||
| DHCP | ✓ | ||
| Statistics | Per user or device logging | ✓ | |
| Per user or device Charts | ✓ |
A variant of this network topology is possible without using KeexyBox's DHCP. On the other hand, you will have to modify the DHCP configuration of your Internet router so that it provides the KeexyBox IP address as the DNS server for your devices.
Mixed use of KeexyBox
The mixed network topology makes it possible to use the two topologies presented above according to the needs of the devices.
As website filtering and anonymity topology, Keexybox acts for your devices as the default Internet gateway and provides DHCP and DNS services.
For many reasons, some devices may need to use your Internet router as default gateway instead of KeexyBox. For these devices, you will have to reserve a DHCP IP address on the output network. The features will be limited by the website filtering only topology.
Operation of the KeexyBox software
The main role of KeexyBox software is to provide a secured internet browsing for people. To understand how KeexyBox operate, you have to understand what is a user, a device and a profile. This is what we explain below.
KeexyBox software distinguishes between a user and a device. For KeexyBox, a user is identified by entering a login and password on the captive portal, and a device is identified by its MAC address (It is an unique identifier assigned to a network device). In both cases, it is finally the device that is connected to the Internet but in two different methods. A user can stay connected for up to a month before the Internet session close and a device will stay connected to the Internet indefinitely. See KeexyBox - Manage users and KeexyBox - Manage devices for more information.
Each User or device is assigned to a connection profile.
Connection profiles allow you to define the Internet connection settings for users or devices of the local network. It is in a connection profile that you will configure the Internet access times, that you will define the Blacklist categories of websites to filter or even activate anonymous browsing. See KeexyBox - Manage profiles for more information.
About KeexyBox Project: