Internet Infrastructure

Why This Matters

A functioning network connecting computers is the single greatest force multiplier for a rebuilding civilization. It enables instant communication, shared access to accumulated knowledge, coordinated resource management, and collaborative problem-solving across distances. Rebuilding internet infrastructure — even at a small scale — can accelerate every other area of recovery by orders of magnitude.

What You Need

Knowledge prerequisites:

• Telecommunications fundamentals (signal transmission, radio)
• Programming skills (C, Python, or similar for network software)
• Data storage systems (disk, filesystem basics)
• Basic electronics (soldering, circuit reading)

Materials:

• Copper wire (solid core, 24 AWG, in twisted pairs — salvage from building wiring or telephone cable)
• RJ45 connectors and crimping tool (salvage from offices)
• Network switches and/or hubs (salvage from any office building)
• Computers with network interface cards (virtually any post-2000 hardware)
• Coaxial cable for longer runs or antenna feeds
• Radio transceivers for wireless links (WiFi equipment or purpose-built)
• Optical fiber and transceivers for long-distance backbone (if available)

Software:

• Linux operating system (runs on minimal hardware, contains all network tools)
• Open-source network services (BIND for DNS, Apache/nginx for web, Postfix for mail)

Networking Fundamentals

How Data Travels

All digital networks break data into small chunks called packets. Each packet contains:

• Header: Source address, destination address, sequence number, protocol type
• Payload: The actual data being transmitted (a fragment of a file, web page, email, etc.)
• Checksum: A mathematical verification that the data wasn’t corrupted in transit

This approach — packet switching — is the foundation of all internet communication. Unlike a telephone circuit that dedicates a continuous connection between two points, packet switching lets many conversations share the same wires by interleaving their packets.

The Network Layer Model

Network communication is organized into layers, each handling a specific concern:

Layer	Name	Function	Example
7	Application	User-facing services	HTTP, SMTP, FTP
6	Presentation	Data format translation	SSL/TLS, encoding
5	Session	Connection management	Session tracking
4	Transport	Reliable delivery	TCP, UDP
3	Network	Logical addressing and routing	IP, ICMP
2	Data Link	Physical addressing, framing	Ethernet, WiFi
1	Physical	Electrical/optical signals	Cables, radio waves

In practice, you will work mostly with layers 1-4. The key insight: each layer only communicates with its corresponding layer on the other machine, and uses the layer below it as a transport mechanism.

Ethernet — The Local Network Standard

Ethernet is the dominant wired networking standard. At its core, it defines:

• Frame format: How bits are packaged for transmission (preamble, addresses, type, data, checksum)
• MAC addresses: 48-bit hardware addresses burned into each network card (e.g., AA:BB:CC:DD:EE:FF)
• CSMA/CD: The protocol for sharing a wire — listen before transmitting, detect collisions, retry with random backoff

Modern Ethernet runs at 100 Mbps (Fast Ethernet) or 1000 Mbps (Gigabit) over twisted pair copper cable. For a rebuilding civilization, even 10 Mbps Ethernet is extraordinarily capable — it can transfer a full book’s text in under a second.

Building the Physical Network

Twisted Pair Cabling

Standard Ethernet cable (Cat5/Cat5e/Cat6) contains four twisted pairs of copper wire. The twisting reduces electromagnetic interference. Each cable can reliably carry data up to 100 meters.

Making a cable:

1. Cut cable to length plus 30 cm excess
2. Strip 3 cm of outer jacket from each end
3. Untwist pairs and arrange wires in T-568B order:
   • Pin 1: White/Orange
   • Pin 2: Orange
   • Pin 3: White/Green
   • Pin 4: Blue
   • Pin 5: White/Blue
   • Pin 6: Green
   • Pin 7: White/Brown
   • Pin 8: Brown
4. Trim all wires to equal length (1.2 cm exposed)
5. Insert into RJ45 connector — verify all wires reach the end and are in order
6. Crimp with the crimping tool
7. Test with a cable tester or by connecting two devices

Cable Quality Matters

A single mis-wired or poorly crimped cable can cause intermittent failures that are extremely difficult to diagnose. Always test cables before installation. Label both ends. Keep cables away from power lines (maintain at least 15 cm separation) to avoid interference.

Longer Distances — Options

For distances beyond 100 meters:

Method	Range	Speed	Complexity
Fiber optic	2-80 km	1-10 Gbps	High — requires special tools
WiFi bridge	1-30 km	10-300 Mbps	Medium — needs line of sight
Ethernet repeater	200 m (cascaded)	100 Mbps	Low — just add a switch
Radio modem	5-50 km	1-10 Mbps	Medium — antenna and radio skills

For connecting buildings within a settlement, daisy-chained switches are simplest. For connecting settlements separated by kilometers, directional WiFi antennas or radio modems are most practical.

Wireless Point-to-Point Links

To connect two locations separated by distance:

1. Mount directional antennas (salvaged WiFi dish or panel antennas) at both sites, as high as possible
2. Ensure clear line of sight — radio signals at 2.4/5 GHz do not penetrate hills or dense forest
3. Configure one end as an access point, the other as a client (or use bridge mode)
4. Align antennas by monitoring signal strength — even 1 degree of misalignment can halve throughput
5. Weatherproof all connections — use outdoor-rated enclosures and cable glands

Antenna Height

For long-distance links, antenna height is critical. The Earth’s curvature and Fresnel zone clearance require antennas at elevated positions. A rough formula: for a 10 km link, each antenna should be at least 8-10 meters above the terrain between them. Towers, tall buildings, or hilltops are ideal mounting locations.

IP Addressing and Routing

Assigning Addresses

Every device on your network needs a unique IP address. For a private network (not connected to the global internet), use these reserved ranges:

Range	Addresses Available	Best For
10.0.0.0/8	16.7 million	Large inter-settlement network
172.16.0.0/12	1 million	Medium regional network
192.168.0.0/16	65,534	Single settlement LAN

Subnetting strategy for a multi-settlement network:

• Assign each settlement its own subnet: 10.1.0.0/24 for Settlement 1, 10.2.0.0/24 for Settlement 2, etc.
• Each subnet supports 254 devices — more than enough for most communities
• Reserve .1 for the router/gateway in each subnet
• Reserve .2-.10 for servers (DNS, web, mail, file)
• Use .11-.250 for general devices
• Set up a DHCP server to automatically assign addresses from the general pool

Setting Up a Router

A router connects different subnets and forwards packets between them. Any Linux computer with two or more network interfaces can be a router:

1. Install Linux on a computer with two network cards
2. Assign each interface an IP in its respective subnet
3. Enable IP forwarding: edit /etc/sysctl.conf, set net.ipv4.ip_forward = 1
4. Configure static routes or install a routing daemon (like quagga or bird)
5. Set up NAT if this router is the gateway to any external network

DNS — The Network’s Address Book

DNS translates human-readable names (like library.settlement1.local) to IP addresses. Without it, users must memorize numeric addresses.

Setting up a DNS server:

1. Install BIND (or dnsmasq for simpler needs) on a central server
2. Define your zone (e.g., settlement.local)
3. Create A records mapping names to IPs:

   library    IN A  10.1.0.5
   mail       IN A  10.1.0.6
   council    IN A  10.1.0.7
   

4. Configure all DHCP clients to use this server for DNS
5. Set up secondary DNS on a second server for redundancy

Core Services

Web Server

A web server is the most versatile service — it can host documentation, coordinate resources, display sensor data, and run web applications.

1. Install Apache or nginx on a dedicated machine
2. Place HTML files in the document root (/var/www/html/)
3. For dynamic content, add PHP or Python CGI support
4. Create an internal wiki or knowledge base as the first application — this becomes the community’s shared library

Email Server

Email provides asynchronous communication — critical when people work different schedules or are at different settlements:

1. Install Postfix (SMTP — sending) and Dovecot (IMAP — mailbox access)
2. Create user accounts for each community member
3. Configure the domain (e.g., @settlement.local)
4. Set up a webmail client (Roundcube) for browser-based access
5. Inter-settlement email works as long as DNS and routing are configured between settlements

File Sharing

Centralized file storage prevents data loss and enables collaboration:

• NFS: Native Linux file sharing — mount remote directories as if they were local
• Samba: Compatible with Windows clients if any survive
• Simple HTTP directory: Apache’s autoindex module lets users browse and download files through a web browser

Network Security

Firewall Configuration

Every router should run a firewall. On Linux, use iptables or nftables:

1. Default policy: DROP all incoming traffic
2. Allow established/related connections (responses to outgoing requests)
3. Allow specific services: SSH (port 22), HTTP (port 80), DNS (port 53), SMTP (port 25)
4. Allow ICMP (ping) for diagnostics
5. Log dropped packets for security monitoring

Security Through Simplicity

A rebuilt network’s best defense is simplicity. Run only the services you need. Remove or disable everything else. An unused service is an unmonitored attack surface. Regularly review what is running with netstat -tlnp and shut down anything unexpected.

Encryption

Even on a trusted community network, encrypt sensitive communications:

• SSH: Use for all remote administration — never telnet
• TLS/HTTPS: Generate self-signed certificates for web servers serving sensitive content
• Certificate Authority: Create a community CA, distribute its certificate to all machines, and sign all server certificates with it. This prevents man-in-the-middle attacks.

Generate a self-signed CA on Linux:

openssl genrsa -out ca.key 4096
openssl req -x509 -new -key ca.key -days 3650 -out ca.crt

Physical Security

Network hardware is vulnerable to physical access:

• Keep servers and switches in a locked, climate-controlled room
• Use UPS (battery backup) for critical infrastructure — servers, routers, switches
• Maintain at least one offline backup of all critical data
• Document the entire network topology on paper — not just digitally

Scaling Up — Inter-Settlement Network

As your network grows beyond a single settlement:

1. Assign autonomous system numbers to each settlement or region
2. Deploy backbone links — fiber, radio, or long-range WiFi between settlements
3. Run BGP or OSPF between settlement routers for automatic route discovery
4. Replicate critical services — DNS, email, and knowledge base should exist at multiple settlements so no single failure cuts off access
5. Establish a network operations team — at least two people per settlement trained in troubleshooting
6. Document everything — network diagrams, IP assignments, cable routes, equipment locations

Common Mistakes

Mistake	Why It’s Dangerous	What to Do Instead
No documentation	Cannot troubleshoot or rebuild when someone is unavailable	Maintain written network diagrams, IP lists, and configuration records
Single point of failure	One broken switch or cable takes down everything	Use redundant paths between critical nodes, keep spare equipment
Flat network (no subnets)	Broadcast storms degrade performance as network grows	Subnet by settlement/building, use routers between segments
No backups of server data	Hardware failure means permanent knowledge loss	Daily automated backups to a second machine, weekly offline copies
Ignoring cable management	Tangled cables impossible to trace, prone to accidental disconnection	Label all cables, use cable trays, document connections
Running unnecessary services	Each service is a potential vulnerability and maintenance burden	Audit running services monthly, disable anything not actively used
No access control	Anyone can modify critical systems	Use SSH keys, strong passwords, and sudo for administrative access

What’s Next

This is a terminal node — mastering internet infrastructure represents the cutting edge of what a rebuilding civilization can achieve. A functioning network connecting multiple settlements transforms a collection of isolated communities into a coordinated civilization. From here, the network becomes the platform for every other advancement: shared research, coordinated agriculture, distributed manufacturing, democratic governance, and the preservation of all recovered knowledge for future generations.

Quick Reference Card

Internet Infrastructure — At a Glance

• Ethernet range: 100 m over twisted pair (Cat5/Cat5e), extend with switches or fiber
• Private IP ranges: 10.0.0.0/8 (large), 172.16.0.0/12 (medium), 192.168.0.0/16 (small)
• Minimum services: DNS (name resolution), DHCP (address assignment), HTTP (knowledge sharing), SMTP/IMAP (email)
• Router: Any Linux box with 2+ NICs and IP forwarding enabled
• WiFi bridge range: Up to 30 km with directional antennas and line of sight
• Cable standard: T-568B wiring order for all RJ45 connectors
• Firewall rule: Default deny, explicitly allow only needed services
• Redundancy: At minimum, duplicate DNS servers and backup all data to a second machine
• Security: SSH only (no telnet), self-signed TLS certificates, community CA for trust
• Documentation: Paper copies of network diagrams, IP assignments, and equipment locations