
Pals, I'm using a PC (OS: Windows) inside a corporate network (a LAN) which allows internet connections through a proxy (classical situation), and I can't access certain websites (Firefox is my web browser) because the proxy is denying me access to them. Something like this:

PC client <--LAN--> Corporate Proxy <-> Internet (Websites, etc.)

I was told that using cntlm I can get connected to those websites using the cntlm tunneling feature. So, I'd like to know how I should configure the cntlm.ini file to make use of that feature (tunneling) and this way get an internet connection without my corporate proxy "watching" it and denying me every website I visit.

I'm sorry if this is a dumb question but I'm a novice in these topics. I'd really appreciate your help!!! Thanks a lot in advance! :-)

Asiel
  • I forgot to mention that I already have cntlm working properly and these are the fundamental parameters in the cntlm.ini file: `Username myuser`, `Domain myorg.co`, `Proxy 10.0.0.202:8080`, `NoProxy localhost, 127.0.0.*, 10.*, 192.168.*, 10.*.*.*, *.myorg.co`, `Listen 3128`, `Gateway no` – Asiel Apr 29 '15 at 01:54

1 Answer

I'll prefix this answer by saying that doing this is going to break the terms and conditions of your use of your corporate services. It probably breaks your Acceptable Use Policy and could easily result in you being fired. In some industries the outcome could be worse & you could end up in prison.


To achieve this, you need access to a server outside your corporate network that allows you to tunnel your traffic.

You can then use cntlm to act as a broker with your corporate proxy, allowing you to use local applications that are not able to authenticate with the proxy - this is a common pattern for Microsoft proxies since they often use NTLM authentication that many development tools don't understand.

So to access a disallowed service, run PuTTY or similar to connect to a server that allows you to set up an SSH tunnel. But instead of connecting PuTTY directly to that server - which will fail because PuTTY cannot use NTLM to authenticate to the proxy - connect via cntlm.

Julian Knight
  • Julian, thank you very much for your answer. I asked that because I thought that I could achieve that kind of thing using only cntlm, without needing some tool like PuTTY and an external server which allows me to tunnel my traffic. I spent more than 4 hours yesterday trying to find a way to do that, I searched the Internet a lot, and all related posts show a similar solution. I’ll keep searching for more info about the cntlm tool, maybe there is something I’m missing here, i.e., what is the parameter “Tunnel” in the cntlm.ini for? Anyway, your answer is accurate, you have my vote – Asiel Apr 29 '15 at 17:27
  • It has been a long time since I used it but I only ever used it to provide the authenticated proxy link I'm afraid. It will act as a local socks proxy so you can make multiple connections through it from client software (Firefox, PuTTY, etc). – Julian Knight Apr 29 '15 at 20:35
  • the solution to this is often [reverse SSH](https://unix.stackexchange.com/q/46235/44425) – phuclv Jun 14 '18 at 04:24
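
From the proxy operator's side, the SSH-over-proxy pattern described in the answer above appears in the access log as CONNECT requests to unusual ports or as unusually long-lived tunnels. The following is an added example, not part of the original thread: it assumes the proxy writes Squid's native access.log format (the thread does not name the proxy product), and the thresholds and sample lines are constructed for illustration.

```python
import ipaddress

ALLOWED_CONNECT_PORTS = {443}   # assumption: only HTTPS should be tunnelled
MAX_TUNNEL_SECONDS = 1800       # assumption: illustrative threshold, tune locally

# Constructed sample lines. Squid native field order:
# time elapsed_ms client action/status bytes method target user peer type
SAMPLE_LOG = """\
1430300000.123 420 10.0.0.15 TCP_TUNNEL/200 5321 CONNECT www.example.com:443 myuser HIER_DIRECT/93.184.216.34 -
1430300100.456 7200345 10.0.0.15 TCP_TUNNEL/200 48211934 CONNECT host.example.net:22 myuser HIER_DIRECT/203.0.113.7 -
1430300200.789 5400120 10.0.0.23 TCP_TUNNEL/200 9120033 CONNECT 203.0.113.9:443 otheruser HIER_DIRECT/203.0.113.9 -
1430300300.000 95 10.0.0.23 TCP_MISS/200 1832 GET http://intranet.myorg.co/ otheruser HIER_DIRECT/10.0.0.5 text/html
1430300400.000 3 10.0.0.15 TCP_DENIED/403 3900 CONNECT blocked.example.org:8443 myuser HIER_NONE/- text/html
"""

def is_ip_literal(host):
    """True when the CONNECT destination is an IP address, not a hostname."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False

def find_suspicious_tunnels(log_text):
    """Return (client, user, target, status, reasons) for CONNECTs worth review."""
    findings = []
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 8 or f[5] != "CONNECT":
            continue  # only tunnel requests are of interest here
        host, _, port = f[6].rpartition(":")
        if not port.isdigit():
            continue  # malformed target, skip rather than guess
        reasons = []
        if int(port) not in ALLOWED_CONNECT_PORTS:
            reasons.append(f"port {port} not allowed for CONNECT")
        if int(f[1]) / 1000 > MAX_TUNNEL_SECONDS:  # elapsed is in milliseconds
            reasons.append("long-lived tunnel")
        if is_ip_literal(host):
            reasons.append("destination is a bare IP")
        if reasons:
            status = f[3].partition("/")[2]  # 403 here means the attempt was denied
            findings.append((f[2], f[7], f[6], status, reasons))
    return findings

if __name__ == "__main__":
    for finding in find_suspicious_tunnels(SAMPLE_LOG):
        print(finding)
```

Denied attempts are reported alongside successful tunnels because a 403 on a CONNECT to a non-HTTPS port is still a signal worth correlating per user.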