This is a simple dockerfile that wraps up cntlm into debian. It will set up a open proxy, that uses NTLMv2 to authenticate upstream. The main use case is to get a simple proxy setup that plays nice with windows networks.

Ideally you can use this with redsocks+iptables, to make docker images think they have direct access, but the connections are actually tunneled through.

container->redsocks->ctnlm->upstream

For SSH you may also be interested in corkscrew

Simple usage is

docker run --rm -p 3128:3128 btrepp/cntlm user.name domain NTVLMv2Hash upstream_proxy:port

This will create an unathenticated proxy on the host running at 3128

By default cntlm will run with NoProxy localhost, 127.0.0., 10., 192.168.*, *.$2 If the env var NOPROXY is set, it gets added to this list

By default I've only set this up to accept Hashed passwords. cntlm supports actual passwords, but that is left up to you to figure out. A script exists in the images that will help you get the hash

docker run --rm -t -i --entrypoint="get_ntlm.sh" btrepp/cntlm user.name@domain upstream_proxy:port

This will ask you for your password and attempt to use the upstream proxy to get to docker.io. If it succeeds it will print a PassNTLMv2 line, use this hash above when launching the container.

This was a quick hack to get together as nothing currently existed on the registry. Feel free to fork it and send pull requests