A student at school is working on getting Alexa working on a Raspberry
Pi. I've done it on one of my Pis and it works at home, but not at
school, I think because of the school web proxy. There seems to be a
paucity of information about proxy settings for Alexa, and it doesn't
appear to respect the system proxy settings in /etc/environment.

The Pi network is behind a Shorewall firewall to protect the school
network. So in a flash of inspiration, I thought I could simply DNAT the
http requests hitting Shorewall as default gateway, so automatically
redirecting them to the school proxy. That works for http, but not for
https.

After a little bit of digging to find out how a proxy functions for
https it became obvious that a simplistic DNAT couldn't work. It seems
that a browser, knowing that it's going through a browser, first sends
an unencrypted http CONNECT command before negotiating the ssl tunnel.

But would it be possible to somehow configure Shorewall, on receipt of a
tcp:443 connection request, to inject the CONNECT command into the
stream before starting to relay the ssl dialogue, quoting the pre-DNAT
destination ip address? How (in outline) could you achieve that?

Regards - Philip
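
The step asked about above (prefixing a redirected tcp:443 stream with a CONNECT that names the pre-DNAT address) can be done in a small user-space relay, because NAT rules rewrite addresses but do not insert bytes into a TCP stream. The following is an added example, not part of the original post and not Shorewall code. It assumes Linux with IPv4 and a relay process on the firewall that receives the redirected connections; the function names are hypothetical, and once `open_tunnel` returns the relay copies bytes in both directions unchanged.

```python
import socket
import struct

# Value from <linux/netfilter_ipv4.h>; Python's socket module does not export it.
SO_ORIGINAL_DST = 80

def unpack_original_dst(raw):
    """Decode the sockaddr_in returned by getsockopt(SOL_IP, SO_ORIGINAL_DST)."""
    (port,) = struct.unpack_from("!H", raw, 2)   # bytes 2-3: port, network order
    return socket.inet_ntoa(raw[4:8]), port      # bytes 4-7: IPv4 address

def original_dst(client):
    """Pre-DNAT (ip, port) of a connection that netfilter redirected to us."""
    return unpack_original_dst(client.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, 16))

def connect_request(host, port):
    """The plaintext request a proxy-aware client sends before starting TLS."""
    target = f"{host}:{port}"
    return f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n".encode("ascii")

def read_proxy_reply(sock, limit=8192):
    """Read the proxy's header block; return (status, bytes already read past it)."""
    buf = b""
    while b"\r\n\r\n" not in buf:
        chunk = sock.recv(4096)
        if not chunk or len(buf) + len(chunk) > limit:
            raise ConnectionError("proxy closed early or sent an oversized reply")
        buf += chunk
    head, _, rest = buf.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].split()
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/") or not parts[1].isdigit():
        raise ConnectionError("malformed proxy reply")
    return int(parts[1]), rest

def open_tunnel(dst, proxy_addr):
    """Ask the proxy for a tunnel to dst; return (socket, bytes read past the reply)."""
    upstream = socket.create_connection(proxy_addr, timeout=10)
    try:
        upstream.sendall(connect_request(*dst))
        status, rest = read_proxy_reply(upstream)
        if not 200 <= status < 300:
            raise ConnectionError(f"proxy refused CONNECT with status {status}")
    except OSError:
        upstream.close()
        raise
    upstream.settimeout(None)  # the established tunnel may sit idle
    return upstream, rest
```

The CONNECT target here is an IP address rather than a hostname, so a proxy that filters on hostnames may refuse the request, which is why the status check matters.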
