How to set up a TOR Transparent Proxy

Pasha Kravtsov, Support Engineer
Hello EE,

Today we will learn how to send all your network traffic through Tor, which is useful for getting around censorship and, to a certain degree, for avoiding being tracked. This article assumes you are using Linux, have a minimal knowledge of iptables, and know basic Linux commands.
1. To start, install the 'Tor' package, which is available in most repositories.
apt-get install tor

If you are using a different distribution of Linux, use your package manager to install the Tor package.

2. Now start Tor by running this command:
root@s2:~# service tor start
[ ok ] Starting tor daemon...done.

If you are using a different distribution of Linux, use the appropriate command to start the Tor daemon.

3. Now edit the torrc configuration file and add these lines:
AutomapHostsOnResolve 1
TransPort 9040
DNSPort 5353

The Torrc file is located at /etc/tor/torrc

root@s2:~# vim /etc/tor/torrc

4. Once you have added those 4 lines to the torrc, restart the Tor daemon:
root@s2:~# service tor restart
[ ok ] Stopping tor daemon...done.
[ ok ] Starting tor daemon...done.

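5. Finally, set the iptables rules that send DNS requests and other traffic through Tor. A handy shell script sets everything up for us. Add this script to startup to have the transparent proxy in place after you boot.
#!/bin/sh
# destinations you do not want routed through Tor (example LAN ranges, adjust to yours)
NON_TOR="192.168.1.0/24 192.168.0.0/24"
# the UID Tor runs as, change this accordingly for your OS (debian-tor is the Debian/Ubuntu account)
TOR_UID="$(id -u debian-tor)"
# Tor's TransPort
TRANS_PORT="9040"

iptables -F
iptables -t nat -F

# nat table: leave Tor's own traffic alone, send DNS to the DNSPort and new TCP connections to the TransPort
iptables -t nat -A OUTPUT -m owner --uid-owner "$TOR_UID" -j RETURN
iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 5353
# loopback is left alone except 127.192.0.0/10, Tor's default automap range
for NET in $NON_TOR 127.0.0.0/9 127.128.0.0/10; do
 iptables -t nat -A OUTPUT -d "$NET" -j RETURN
done
iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports "$TRANS_PORT"

# filter table: allow replies, the excluded networks, loopback and Tor itself; reject everything else
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
for NET in $NON_TOR 127.0.0.0/8; do
 iptables -A OUTPUT -d "$NET" -j ACCEPT
done
iptables -A OUTPUT -m owner --uid-owner "$TOR_UID" -j ACCEPT
iptables -A OUTPUT -j REJECT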

6. Save this script as a .sh file and then chmod it:
chmod +x

7. Now check that you are correctly connecting through Tor
curl | grep "Congratulations."
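
Added example (not part of the original article): a shell check that the TransPort and DNSPort set in torrc in step 3 match the REDIRECT rules from step 5, and that the Tor UID exemption comes before them. The sample torrc, the sample `iptables -t nat -S OUTPUT` text, UID 109, the LAN range and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that torrc and the nat OUTPUT rules agree.
# Both samples are constructed. On a live host feed in /etc/tor/torrc and the
# output of `iptables -t nat -S OUTPUT` (UID 109 and the LAN range are made up).
SAMPLE_TORRC='AutomapHostsOnResolve 1
TransPort 9040
DNSPort 5353'
SAMPLE_RULES='-P OUTPUT ACCEPT
-A OUTPUT -m owner --uid-owner 109 -j RETURN
-A OUTPUT -p udp -m udp --dport 53 -j REDIRECT --to-ports 5353
-A OUTPUT -d 192.168.1.0/24 -j RETURN
-A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040'

# torrc_port OPTION TORRC_TEXT: port of the last OPTION line ("addr:port" is accepted)
torrc_port() {
  printf '%s\n' "$2" | awk -v k="$1" '$1 == k { n = split($2, a, ":"); p = a[n] } END { print p }'
}

# redirect_port PROTO RULES_TEXT: --to-ports of the first REDIRECT rule for PROTO
redirect_port() {
  printf '%s\n' "$2" | awk -v proto="$1" '/-j REDIRECT/ {
    pr = ""; tp = ""
    for (i = 1; i < NF; i++) { if ($i == "-p") pr = $(i + 1); if ($i == "--to-ports") tp = $(i + 1) }
    if (pr == proto) { print tp; exit }
  }'
}

# check_transparent_proxy TORRC_TEXT RULES_TEXT: returns 0 only if every check passes
check_transparent_proxy() {
  rc=0
  trans=$(torrc_port TransPort "$1")
  dns=$(torrc_port DNSPort "$1")
  [ -n "$trans" ] && [ "$(redirect_port tcp "$2")" = "$trans" ] ||
    { echo "FAIL: TCP REDIRECT port does not match TransPort"; rc=1; }
  [ -n "$dns" ] && [ "$(redirect_port udp "$2")" = "$dns" ] ||
    { echo "FAIL: DNS REDIRECT port does not match DNSPort"; rc=1; }
  # The Tor UID exemption must precede every REDIRECT, otherwise Tor's own
  # connections are redirected back into Tor and nothing gets out.
  first=$(printf '%s\n' "$2" | grep -e '-j REDIRECT' -e '--uid-owner .* -j RETURN' | head -n 1)
  case "$first" in
    *--uid-owner*) ;;
    *) echo "FAIL: Tor UID RETURN rule is not ahead of the REDIRECT rules"; rc=1 ;;
  esac
  return "$rc"
}

check_transparent_proxy "$SAMPLE_TORRC" "$SAMPLE_RULES" && echo "OK: torrc and nat rules agree"
```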

Comments (18)

Brandon Lyon, Frontend Engineer and UX

Daily browsing means different things to different people. What's that saying? If you're using a hammer then everything looks like a nail?

I rarely, if ever, stream videos or download anything. Most of the time I'm reading news, hanging out in forums, communicating with other people, searching the net, browsing, etc. I don't need lots of bandwidth for that.
Pasha Kravtsov, Support Engineer


I personally use it for irc, coding DHT code through tor, etc. It's all up to you whether you want to use it for your daily browsing activities.
Jason C. Levine, Don't talk to me.

Thanks, Brandon...that makes sense.

So Tor is really only useful for low-bandwidth applications.  YouTube, Facebook, and other resource-heavy things will probably be too slow or unusable altogether?
Pasha Kravtsov, Support Engineer

They are all usable. Some nodes give you fast access, some are hideously slow. You CAN watch videos, download stuff, whatever; it's whether you want to deal with the slowness.

How can I stop this?! When my hotspot logs out or my laptop disconnects, my ip addr and iptables are in the old state and I cannot connect to the web until restart. Even iptables -F doesn't resolve it. In the result of the ip addr command I have an extra IP under the wifi device.
