How to Route Windows VMs through a Linux Proxy on Yandex Cloud?

Asked By TechSavvy94 On

Hey everyone! I'm hosting four Windows servers on Yandex Cloud and I want to route their internet traffic through a Linux VM running Ubuntu 24.04, which is on the same virtual network. All the servers are part of an Active Directory. I'm looking for guidance on how to set up the routing to ensure all internet access goes through the Linux proxy. My main goal is to use Squid on the Linux server to filter web content, so users can only access certain sites that I allow. Any help would be appreciated!

3 Answers

Answered By NerdyNinja28 On

To achieve what you're trying to do, you have a couple of options. The simplest way is to set up Squid on your Ubuntu VM and configure the proxy settings on your Windows servers. You can do this manually or via Group Policy Objects (GPO). This way, all web traffic will go through Squid, allowing you to filter content easily. However, remember that this only covers applications that respect proxy settings.

If you want full control over all traffic, you'll need to make your Linux VM the default gateway. This involves enabling IP forwarding on your Ubuntu machine, setting up NAT using either iptables or nftables, and changing the default gateway on your Windows VMs to the Linux VM's IP address. This approach gives you the ability to use Squid as a transparent proxy, but be cautious with HTTPS filtering as it can get complex with SSL certificates. Also, ensure your Yandex VPC routing is set up correctly to allow this traffic. If web filtering is your only concern, stick with the explicit proxy and GPO method.

CuriousExplorer77 -

Thanks for the clear breakdown!

Answered By ProxyMaster101 On

Make sure your Windows machines recognize the Layer-7 proxy. When I’ve set up Windows Servers behind Squid in data centers, I used the WPAD (Web Proxy Auto-Discovery Protocol) with a PAC file. Windows Servers can pick up the proxy settings successfully like this. If you're debugging a PAC file, try using the pactester program; it’s a command-line tool that decodes PAC files similar to how a browser would, and it can help streamline the process.
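A PAC file of the kind this answer describes, as an added example that is not part of the original post: it keeps Active Directory and same-subnet traffic direct and sends everything else to Squid with no `DIRECT` fallback, so clients do not bypass the filter when the proxy is down. The proxy name `squid.corp.example`, the AD suffix `.corp.example` and the subnet prefix `10.128.0.` are assumed placeholders; 3128 is Squid's default port.

```javascript
// Added example PAC file. All names and addresses are assumed placeholders.
// Only basic string operations are used, so it does not depend on newer
// JavaScript features that a PAC engine may lack.
var PROXY = "PROXY squid.corp.example:3128"; // assumed Squid VM; default port
var AD_SUFFIX = ".corp.example";             // assumed AD DNS domain
var LOCAL_PREFIX = "10.128.0.";              // assumed subnet of the VMs

function endsWith(s, suffix) {
  var i = s.length - suffix.length;
  return i >= 0 && s.indexOf(suffix, i) === i;
}

// True only for hosts that should never be sent to the proxy.
function isInternal(host) {
  host = host.toLowerCase();

  // IPv6 literals contain ':' and no '.', so test them before the
  // single-label check; send them to the proxy and let Squid decide.
  if (host.indexOf(":") !== -1) return false;

  // Compare address prefixes only on real IPv4 literals. A plain prefix
  // match would also accept a hostname such as "10.128.0.evil.example".
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host)) {
    return host.indexOf(LOCAL_PREFIX) === 0 || host.indexOf("127.") === 0;
  }

  // Single-label names (NetBIOS-style server names, "localhost").
  if (host.indexOf(".") === -1) return true;

  // The AD domain itself and anything under it. The leading dot in
  // AD_SUFFIX stops "evilcorp.example" from matching.
  if (host === AD_SUFFIX.substring(1) || endsWith(host, AD_SUFFIX)) return true;

  return false;
}

function FindProxyForURL(url, host) {
  if (isInternal(host)) return "DIRECT";
  // No "; DIRECT" fallback: if Squid is unreachable the request fails
  // instead of leaving the network unfiltered.
  return PROXY;
}
```

The PAC file only steers clients that honour proxy settings; the list of allowed sites still has to be enforced in Squid itself. The pactester tool mentioned above can evaluate the file against sample URLs before it is published.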

Answered By CloudGuru88 On

I typically use an OPNsense VM for these types of tasks. It provides gateway functionality, firewall capabilities, HAProxy, Let's Encrypt, and Squid, which makes management a lot easier from the backend side. If you're looking for a straightforward setup, this could be worth considering!
