linux（無圖形介面）通過windowsProxy 伺服器上網

 背景：在手機wap程式工作在linux下，需通過windowsProxy 伺服器上網（http/https），ISA代理。使用代理需要網域名稱/使用者名稱和密碼。

 

1、先執行命令設定環境變數export http_proxy=http://192.168.24.254:8080/和export http_proxy=http://sywgdev.net/proteinx@192.168.24.254:8080/。但執行失敗。報407錯，認證失敗。

2、下載ntlmaps，但需要在python1.5.2版本進行編譯，python網站無法下載，放棄.

 

3、改用cntlm，下載cntlm0.35（http://cntlm.sourceforge.net/）和0.351，安裝了cntlm0.35，解壓該檔案，設定檔在/usr/local/etc/cntlm.conf，配置Username 、Domain、Proxy - IP address、Listen四個項目。然後使用./configure編譯，成功後在目前的目錄下有個cntlm程式，cntlm的作者推薦第一次運行時使用cntlm -M，讓程式自動探測Proxy 伺服器的類型。我遇到的問題是輸入的網域名稱和cntlm返回的不一致，所以導致探測一直失敗。cntlm運行時會反饋Proxy 伺服器的一些資訊，網域名稱（domain 和 NTDomain都包括在內）。由此發現失敗時我配置的網域名稱是sywgdev，程式返回的是sywgdev.net，修改正確後使用wget成功從http://www.online.sh.cn和http://news.163.com上下載了網頁。它是一個支援多線程的程式。還需要說明的是，wget使用的是http_proxy這個環境變數，在cntlm運行後，需要將這個環境變數設定為export http_proxy=http://127.0.0.1:3128/，將cntlm看作一個代理，預設運行在3128連接埠。初次使用時加上-v參數，讓它跑在前台，會返回很多資訊，便於發現問題。

 

附設定檔:

[root@thsHost ~]# cd /usr/local/etc
[root@thsHost etc]# ls
cntlm.conf  index.html  index.html.1  pear.conf
[root@thsHost etc]# more cntlm.conf
#
# Cntlm Authentication Proxy Configuration
#
# NOTE: all values are parsed literally, do NOT escape spaces,
# do not quote. Use 0600 perms if you use plaintext password.
#

Username        proteinx
Domain          sywgdev.net
Password        asdf            # Use hashes instead (-H)
#Workstation    netbios_hostname        # Should be auto-guessed

Proxy           192.168.24.254:8080
#Proxy          10.217.112.42:8080

#
# This is the port number where Cntlm will listen
#
Listen          3128

#
# If you wish to use the SOCKS5 proxy feature as well, uncomment
# the following option, SOCKS5. It can be used several times
# to have SOCKS5 on more than one port or on different network
# interfaces (specify explicit source address for that).
#
# WARNING: The service accepts all requests, unless you use
# SOCKS5User and make authentication mandatory. SOCKS5User
# can be used repeatedly for a whole bunch of individual accounts.
#
#SOCKS5Proxy    8010
#SOCKS5User     dave:password

#
# Use -M first to detect the best NTLM settings for your proxy.
# Default is to use the only secure hash, NTLMv2, but it is not
# as available as the older stuff.
#
# This example is the most universal setup known to man, but it
# uses the weakest hash ever. I won't have it's usage on my
# conscience. Really, try -M first.
#
#Auth           LM
#Flags          0x06820000

#
# Enable to allow access from other computers
#
#Gateway        yes

#
# Useful in Gateway mode to allow/restrict certain IPs
#
#Allow          127.0.0.1
#Deny           0/0

#
# GFI WebMonitor-handling plugin parameters, disabled by default
#
#ISAScannerSize 1024
#ISAScannerAgent        Wget/
#ISAScannerAgent        APT-HTTP/
#ISAScannerAgent        Yum/

#
# Headers which should be replaced if present in the request
#
#Header         User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)

#
# Tunnels mapping local port to a machine behind the proxy
#
#Tunnel         11443:remote.com:443