Cntlm is not properly routing

Question

I have setup my config file like so (omitting the username, domain and password fields):

Username user
Domain domain
Proxy           127.0.0.1:3128
NoProxy         localhost, 127.0.0.*, 10.*, 192.168.*
Listen          127.0.0.1:3128

I have added the PassLM, PassNT and PassNTLMMv2 lines, after having created a hash.

I run it like so: sudo cntlm -v -c /etc/cntlm.conf

Now, I am attempting to use curl to hit an api endpoint through the proxy server like so:

curl https://url -k --proxy-ntlm -u user:password --proxy 127.0.0.1:3128

However, I receive an error each time: curl: (56) Received HTTP code 502 from proxy after CONNECT

I can tell that the proxy is being accessed, because cntlm spits out a long string of data after I issue the curl.

Not sure what I am doing wrong here, any help would be much appreciated!

Answer 1

CNTLM is actually a local proxy on your machine which requires no authentication. It authenticates with your real/NTLM proxy.

So Proxy should be set to your real/NTLM proxy host:port whilst your Listen is the local proxy port provided by cntlm - usually 3128.

Your file should look like this (remove all text with <> and put there your network parameters.)

Username <WindowsUserName>
Domain <DomainName>
Proxy           <NTLMPROXYHOST>:<NTLMPROXYPORT>
NoProxy         localhost, 127.0.0.*
Listen          3128

Now the following should work.

# No auth required here:
curl -k --proxy 127.0.0.1:3128 https://url

Better would be via environment variables:

export HTTP_PROXY=127.0.0.1:3128
export HTTPS_PROXY=127.0.0.1:3128

Or add these to your /etc/environment:

HTTP_PROXY=127.0.0.1:3128
HTTPS_PROXY=127.0.0.1:3128