CNTL when curl or wget is not enough

Simple retrieving from the Internet behind a proxy

There’re a couple of ways to go out your company via a proxy. Most common and simple it’s to retrieve a particular web using the command curl (or wget) and include your authentication in it, for instance:

curl --proxy-ntlm --proxy-user "MyDomain\ntlmtest:test" --proxy proxy.estest.intra:3128

(You may get more information at

When curl or wget is not enough

Me needs has been wide than retrieve a single URL. If you’re using a Linux workstation behind a firewall you need; browse the Internet, to update your system, connect through ssh to an outside host, just to list the most commond ones.

The best solution I’ve found is to install on my workstation CNTL. It acts as a local proxy, you send to it all your connections to them and it goes via your proxy. But, what is really remarkable is that CNTL does a great job in terms of authentication with NTLM based proxies, in my opinion. Cntl is written in C, so is quite fast and light, your NTLM password are hashed, not in clear.

How to configure cntl?

I recommend you read carefully since it guides you step by step.

What files are required?

In Linux your configuration is stored at /etc/cntlm.conf

In order to let your apps and enviroment you have a localhost proxy you must fulfill this variables at your home files:

$export ftp_proxy=http://localhost:3128
$export http_proxy=$ftp_proxy
$export https_proxy=$ftp_prox