Sending all outbound tcp traffic through Tor

Dec 2021

Credit: these instructions are just a very slightly modified version of these.

I wanted to send all of my outbound tcp connections through tor. Note that is different than making all connections through tor in that inbound connections are still accepted from non-tor.

The advantage of this approach is that we can still run a webserver and do ssh to the machine with regular speeds.

I run a debian 10 stable box.

Start by installing tor.

sudo apt install tor

Then, add the following to your /etc/tor/torrc

# Tor transparent proxy setup

AutomapHostsOnResolve 1
TransPort 9040 IsolateClientAddr IsolateClientProtocol IsolateDestAddr IsolateDestPort
DNSPort 5353

Now run the following script to configure your machine to send all outbound tcp via the tor Transparent proxy.


TOR_UID="$(id -u debian-tor)"

iptables -F
iptables -t nat -F

iptables -t nat -A OUTPUT -m owner --uid-owner $TOR_UID -j RETURN
iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 5353
for NET in; do
 iptables -t nat -A OUTPUT -d $NET -j RETURN

iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports $TRANS_PORT

iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -d -j ACCEPT
iptables -A OUTPUT -m owner --uid-owner $TOR_UID -j ACCEPT
iptables -A OUTPUT -j REJECT