From my Linux workstation, the only applications that can access the
internet are a) Firefox (using its own proxy configuration and
authentication stored in Firefox), as well as applications running in
a Windows VM (Note - the Windows VM is a domain member and the user
authenticates against the domain when logging in).
Solution option: Run a web proxy on your Windows VM. Set up your system to use that instance as your proxy.
Since your Windows VM is already authenticated and traffic is allowed through it, setting up a SOCKS proxy on that VM instance will centralize your authentication needs. If it is just for you and your boxes, this should be fine and is probably fairly straightforward.
Piggybacking on this idea, you can get an SSHD daemon running on the Windows VM so you can do things like SSH SOCKS tunnels from your other boxes through the VM:
ssh -D 1080 windows-user@windows-vm
For those apps that may have problems or where you don't want to reconfigure the apps, you can make use of sshtunnel, which will set up iptables rules to route traffic. Works for Linux and Mac systems.
If you need to avoid installing a proxy on the Windows VM itself, you can set up a Squid proxy box configured to authenticate itself against the Windows AD. A guide on doing that is located here:
Solution option: Squid Proxy Authenticated via AD/NTLM
http://techmiso.com/1934/howto-install-squid-web-proxy-server-with-active-directory-authentication/ (dead link)
Another NTLM proxy solution, though I think this one actually runs on a Windows machine:
Solution option: NTLM proxy
http://cntlm.sourceforge.net/
Sorry for answering this maybe too late. I'm new on stackexchange and saw it today with no possibility to answer before. Let's work...
To redirect all requests from those PCs to the SOCKS proxy port you'll need some iptables rules. Let's suppose you have that proxy on port 9050 and the interface name for your card is eth0 (I mean the one on your gateway server which is connected to the nearest internet side) because you didn't provide data... so completing with some imagination :)
To enable forwarding and to do the NAT masquerading you'll need to execute echo 1 > /proc/sys/net/ipv4/ip_forward
and then the iptables rules:
iptables -P FORWARD ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
And to redirect all web requests of your internal network clients to the proxy port you'll need:
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 9050
iptables -t nat -A PREROUTING -p tcp --destination-port 443 -j REDIRECT --to-port 9050
With these rules, the requests arrive at the port on which there must be "something" well configured to get everything working. Good luck! Or if I got to the post too late, maybe you can share with us how you dealt with this.
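A sketch of the "something" that has to listen on the redirected port, added here as an example and not code from the answer above. A SOCKS listener expects a SOCKS handshake, which redirected clients never send, so a small relay has to recover the original destination from the kernel and issue the SOCKS5 CONNECT itself. Assumptions: Linux, IPv4 only, a no-authentication SOCKS5 listener at 127.0.0.1:1080 (for example the `ssh -D 1080` tunnel mentioned earlier on this page), and port 9050 as in the rules above.

```python
import asyncio
import ipaddress
import socket
import struct

SO_ORIGINAL_DST = 80                         # from <linux/netfilter_ipv4.h>
LISTEN_PORT = 9050                           # port the REDIRECT rules point at
SOCKS_HOST, SOCKS_PORT = "127.0.0.1", 1080   # assumed: an `ssh -D 1080` listener

def parse_original_dst(raw):
    """Decode the sockaddr_in from getsockopt(SOL_IP, SO_ORIGINAL_DST)."""
    port, addr = struct.unpack("!2xH4s8x", raw[:16])
    return str(ipaddress.IPv4Address(addr)), port

def socks5_connect_request(host, port):
    """RFC 1928 CONNECT request: VER=5, CMD=1, RSV=0, ATYP=1 (IPv4)."""
    return b"\x05\x01\x00\x01" + ipaddress.IPv4Address(host).packed + struct.pack("!H", port)

async def pipe(reader, writer):
    try:
        while data := await reader.read(65536):   # copy one direction until EOF
            writer.write(data)
            await writer.drain()
    except ConnectionError:
        pass
    finally:
        writer.close()

async def handle(client_r, client_w):
    sock = client_w.get_extra_info("socket")  # kernel still knows the pre-REDIRECT target
    host, port = parse_original_dst(sock.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, 16))
    up_r, up_w = await asyncio.open_connection(SOCKS_HOST, SOCKS_PORT)
    up_w.write(b"\x05\x01\x00")               # greeting: offer only "no authentication"
    ok = await up_r.readexactly(2) == b"\x05\x00"
    if ok:
        up_w.write(socks5_connect_request(host, port))
        ok = (await up_r.readexactly(10))[1] == 0   # 10-byte reply for an IPv4 bind address
    if not ok:
        up_w.close(); client_w.close()
        return
    await asyncio.gather(pipe(client_r, up_w), pipe(up_r, client_w))

async def main():
    # REDIRECT rewrites the destination to the gateway's own address, not loopback.
    server = await asyncio.start_server(handle, "0.0.0.0", LISTEN_PORT)
    async with server:
        await server.serve_forever()

if __name__ == "__main__":
    asyncio.run(main())
```

Anything that can reach the listening port can relay through it, so bind to the internal interface address where possible and filter the port on the external side.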
Best Answer
You will need to install and configure a proxy server locally. Whatever you choose to install must, itself, support being configured to use a proxy server.
I would start with tinyproxy (see Ubuntu package tinyproxy).
It looks like this supports rules for setting some domains via an "upstream". See the documentation:
The first rule type sends everything via another proxy.