← Home

Getting Linux Virtual Machines on a Windows Host access to the Internet through an NTLM proxy

I’ve been doing a lot of work with Virtualbox recently, and needed to get some Linux Guests access to the Web on a Windows Host which uses an NTLM Authenticated Proxy Server.

The default network configuration of Virtualbox is to use a NAT network, which normally just gives the machines Internet access if a transparent proxy is in use, but in this case, even setting the proxy manually in the guest OS wouldn’t work due to the use of NTLM authentication.

The solution I’ve come up with is to run an unauthenticated proxy on the Windows Host which proxies the traffic from the Linux Guests and takes care of the downstream authentication.

There are two choices to hand. Cntlm takes a bit of work to setup but is lightweight, while Fiddler is a bit heavier but is widely used and doesn’t require command line setup.

You’re likely to find it easier to get started up with Fiddler, either way, both options are here:

Cntlm Setup

  • Install Cntlm from SourceForge (http://cntlm.sourceforge.net)
  • Edit the cntlm.ini file at C:\program files (x86)\cntlm
  • Insert your own Username and Domain - don’t add your password in plaintext, we’ll add hashes generated by the tool
  • Update the Proxy list in the ini file to include your system proxy
  • At the command line, run C:\Program Files (x86)\cntlm\cntlm.exe -H and copy the output into the section of the cntlm.ini file with commented out PassLM, PassNT and PassNTLMv2 values
  • Remove the default password from the ini file
  • Start the Cntlm service (net start cntlm if you’re running as administrator)
  • The service should now be listening on port 3218, so setup your guest to access this address.

Desktop Environment

Set Environment Variables (Terminal)

export http_proxy=http://10.0.2.2:3128/
export https_proxy=https://10.0.2.2:3128/

Fiddler Setup

  • Install Fiddler on the Windows Host

  • Run Fiddler and check the “Rules” > “Automatically Authenticate” option

  • Setup the Linux Guest to use 10.0.2.2 and port 8888 (this is where Fiddler runs) as the proxy

    10.0.2.2. is the default gateway for Virtualbox (as per manual https://www.virtualbox.org/manual/ch09.html#changenat)

Fiddler Options

Setup Proxy on Linux Guest Desktop Environment

Set Environment Variables (Terminal)

export http_proxy=http://10.0.2.2:8888/
export https_proxy=https://10.0.2.2:8888/