English · Українська
Force all outgoing traffic on Kali Linux through the Tor network, and make it persist across reboots with a systemd service.
⚠️ For educational and authorized use only. Routing all traffic through Tor changes your network behavior significantly. Use it responsibly and only on systems you own or are permitted to test.
- 1. Install Tor
- 2. Configure Tor
- 3. Install Privoxy
- 4. Enable IP forwarding
- 5. Apply the changes
- 6. Redirect traffic with iptables
- 7–12. Persist across reboots
sudo apt update && sudo apt upgrade -y
sudo apt install torEdit the Tor configuration file:
sudo nano /etc/tor/torrcUncomment the SocksPort 9050 line (or set any other free port) as the SOCKS port.
sudo apt install privoxyEdit the Privoxy configuration:
sudo nano /etc/privoxy/config- Uncomment
listen-address localhost:8118and replacelocalhostwith127.0.0.1. - Add the following line to the end of the file to forward traffic to Tor:
forward-socks5 / 127.0.0.1:9050 .
Edit the sysctl configuration:
sudo nano /etc/sysctl.confUncomment the line:
net.ipv4.ip_forward=1
sudo sysctl -pAdd a NAT rule that redirects outgoing TCP traffic through Privoxy:
sudo iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-ports 8118All your traffic should now be routed through Tor. Verify it by checking your public IP — it should belong to the Tor network:
curl ident.meThe iptables rule resets on reboot. Wrap it in a script and register it as a systemd service so it runs automatically.
7. Create a script in /usr/local/bin (the standard location for custom binaries):
sudo nano /usr/local/bin/tort.sh8. Add the following:
#!/bin/bash
iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-ports 81189. Make it executable:
sudo chmod ugo+x /usr/local/bin/tort.sh10. Create a systemd unit that runs the script:
sudo systemctl edit --force --full script.serviceThis opens a text editor — paste:
[Unit]
Description=My Script Service
After=multi-user.target
[Service]
Type=idle
ExecStart=/usr/local/bin/tort.sh
[Install]
WantedBy=multi-user.target💡 In
ExecStartyou can specify either the path to the script or the rawiptablescommand directly. Using a script is more convenient — you can simply edit it to add more commands to run at boot.
11. Enable the service so it starts on boot:
sudo systemctl enable script12. If systemd doesn't see the service, reload the unit definitions:
sudo systemctl daemon-reload