Last active February 28, 2024 03:05
Route all internet traffic through Tor

Do not use this on a production server, or if you don't know what iptables does.

Add this to torrc (located at /etc/tor/torrc):


AutomapHostsOnResolve 1

TransPort 9051 

DNSPort 9053

Run the attached script as root so that all traffic is routed through Tor. You can also use the attached torrc as a sample.

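#!/bin/sh
# Ignored locations: destinations that bypass Tor.
# Example values only; replace them with your own loopback/LAN ranges.
IGN="127.0.0.0/8 192.168.0.0/16"
# Enter your Tor UID. The account name is an assumption (debian-tor on Debian/Ubuntu);
# use your distribution's Tor user. Not named UID because bash treats $UID as read-only,
# so when run as root it would exempt uid 0 instead of Tor.
TOR_UID=$(id -u debian-tor)
# Tor's port. This must be the TransPort set in torrc (9051 in the sample);
# change the next line if you changed it there.
PORT=9051
iptables -F
iptables -t nat -F
# Tor's own traffic must not be redirected back into Tor
iptables -t nat -A OUTPUT -m owner --uid-owner "$TOR_UID" -j RETURN
# Change this if you selected another DNSPort in torrc. 9053 is used here; the standard DNS port is 53
iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 9053
for NET in $IGN; do
    iptables -t nat -A OUTPUT -d "$NET" -j RETURN
done
# Redirect every new TCP connection to Tor's TransPort
iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports "$PORT"
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
for NET in $IGN; do
    iptables -A OUTPUT -d "$NET" -j ACCEPT
done
iptables -A OUTPUT -m owner --uid-owner "$TOR_UID" -j ACCEPT
# Anything that was not redirected or explicitly allowed is rejected
iptables -A OUTPUT -j REJECT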
# Set the Tor SOCKS proxy port to 9052
SocksPort 9052
SocksPolicy accept
UseBridges 1
#Here is an example of tor bridges. you can obtain it from:
Bridge obfs4 IP:port KEY cert=CERT iat-mo$
ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy
AutomapHostsOnResolve 1
#Tor transport
TransPort 9051
#tor DNS port
DNSPort 9053
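
An added example, not part of the gist: a read-only check that parses `iptables-save` output and confirms what the script above depends on, namely that the Tor uid exemption precedes any REDIRECT, UDP/53 goes to DNSPort, TCP goes to TransPort, and the filter OUTPUT chain ends in REJECT. The function name, the sample rule dumps and uid 116 are constructed for illustration.

```shell
#!/bin/sh
# Added example. Audits `iptables-save` text on stdin for the properties the
# gist's script relies on. Args: Tor uid, TransPort, DNSPort.
# Prints one finding per line and returns 0 only when there are none.
audit_tor_rules() {
    awk -v uid="$1" -v tport="$2" -v dport="$3" '
        function bad(msg) { print msg; rc = 1 }
        /^\*/ { table = substr($0, 2); next }   # section header: *nat, *filter
        table == "nat" && /^-A OUTPUT / {
            n++                                  # rule position in nat OUTPUT
            if (!exempt && $0 ~ ("--uid-owner " uid " -j RETURN$")) exempt = n
            if (!redir && index($0, " -j REDIRECT ")) redir = n
            if (index($0, " -p udp ") && index($0, " --dport 53 ") &&
                $0 ~ (" --to-ports " dport "$")) dns = 1
            if (index($0, " -p tcp ") && !index($0, " --dport ") &&
                $0 ~ (" --to-ports " tport "$")) tcp = 1
        }
        table == "filter" && /^-A OUTPUT / { last = $0 }
        END {
            if (!exempt) bad("nat: no RETURN rule for Tor uid " uid)
            else if (redir && redir < exempt) bad("nat: REDIRECT precedes the Tor uid exemption")
            if (!dns) bad("nat: UDP/53 not redirected to DNSPort " dport " (DNS leak)")
            if (!tcp) bad("nat: TCP not redirected to TransPort " tport)
            if (last !~ / -j (REJECT|DROP)/) bad("filter: OUTPUT does not end in REJECT/DROP")
            exit rc + 0
        }'
}
# Constructed sample (trimmed iptables-save output; uid 116 is made up).
sample_ok() { cat <<'EOF'
*nat
-A OUTPUT -m owner --uid-owner 116 -j RETURN
-A OUTPUT -p udp -m udp --dport 53 -j REDIRECT --to-ports 9053
-A OUTPUT -d 192.168.0.0/16 -j RETURN
-A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9051
COMMIT
*filter
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -d 192.168.0.0/16 -j ACCEPT
-A OUTPUT -m owner --uid-owner 116 -j ACCEPT
-A OUTPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}
# Constructed sample: the same dump without the DNS redirect and final REJECT.
sample_leaky() { sample_ok | grep -v -e '--dport 53' -e '-j REJECT'; }

sample_ok    | audit_tor_rules 116 9051 9053 && echo "sample_ok: clean"
sample_leaky | audit_tor_rules 116 9051 9053 || echo "sample_leaky: findings above"
```

On a live host, run `iptables-save | audit_tor_rules <tor-uid> 9051 9053` as root. These rules cover IPv4 only, so IPv6 traffic is outside what this audit and the script control.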

numb95 commented Apr 28, 2022

Thank you for your English tips. I rarely write in it since it's not my first language. The majority of my time is spent reading and not writing English, and in my country, people speak a totally different language from English.
Regarding your question: first of all, yes, all the traffic is routed through Tor, but there is a possibility of DNS leakage. To bypass Tor, you can set your own rules and use your real IP address.
At the moment, I do not recommend this method. Use Tor as a regular proxy to bypass your application. This feature prevents any data from being transferred with your real IP address (Let's call it kill switch).
Last but not least, it works on behalf of the user. IPtables newbies should avoid this link. ;)


Thank you for your response. I have to make sure that everything running on the system goes through Tor. Apparently I don't know anymore what I had to do, but this seems to be a good thing. What do you mean by 'DNS leakage'?

For DNS leakage, take a look at this link and also this.
This project may help you. Check it out and make sure it works for you. Pay attention to possible data leakage. Protecting your privacy is much more important than anything else.
