Transparent Tor Proxy (macOS)

Published 21 May 2025

Introduction

Hi, do you want to use Tor as a proxy on macOS and it’s not working, or it’s only working in the browser?

Problem

First, install the Tor service with Homebrew:

brew install tor

After that, you can start the Tor service by running this command:

tor

Enable proxy via default macOS settings

System Settings -> Wi-Fi/Ethernet -> Details -> Proxies

Turn on the SOCKS proxy and enter these values:

Server: 127.0.0.1
Port: 9050

And boom, you’re in. Open your browser and check out this site: https://check.torproject.org

Nice, it’s working in the browser, but what about other tools? We can check whether our terminal is using the Tor network with this command:

curl ifconfig.net

If you’re seeing your real IP address like I am, our Tor proxy isn’t working well. Not all software respects system-wide proxy settings. What can we do about it?

Solution

Our router is the clue. In home networks, all traffic goes through the router to exit into the world. Maybe we can create our own router that sits between us and the physical router?

Transparent Tor Proxy Network Diagram

Creating your own router

You could buy a Raspberry Pi, install Linux on it, and follow the rest of this tutorial there, but who has a spare Raspberry Pi for such a thing?

Instead, we’ll create our own virtual machine inside our computer. That way, you’ll have your own Linux machine for free.

We need to install an emulator. I will choose QEMU for that.

brew install qemu

Then we need a Linux image to use inside the emulator. Here’s the Alpine virtual image. It’s a security-focused distro, but mainly it’s tiny.

https://dl-cdn.alpinelinux.org/alpine/v3.21/releases/x86_64/alpine-virt-3.21.3-x86_64.iso

Next, we need to create a virtual disk image.

qemu-img create -f qcow2 proxy_tor.qcow2 5G

After that, we run the emulator with this command:

qemu-system-x86_64 \
  -m 2G \
  -cpu max \
  -drive "file=proxy_tor.qcow2,format=qcow2" \
  -cdrom "alpine-virt-3.21.3-x86_64.iso" \
  -boot order=cd \
  -nic "vmnet-bridged,ifname=en0" \
  -nographic

Note that we’re choosing bridge mode for the network adapter. It gives the virtual machine its own IP address on our home network, like a separate physical device. This helps ensure proper handling of incoming and outgoing connections and clean IP routing.

There’s also NAT mode, but I couldn’t make it work. If you have ideas why, let me know on Twitter.

After logging in as root, we need to set up Alpine. You can use…

setup-alpine

You can go with all the defaults, but be careful when selecting the disk: choose sda (QEMU HARDDISK) and use sys.

Once the installation is complete, press CTRL+A followed by X to quit the emulator. We’ll modify our machine so it doesn’t use that much memory.

qemu-system-x86_64 \
  -m 2G \
  -cpu max \
  -drive "file=proxy_tor.qcow2,format=qcow2" \
  -nic "vmnet-bridged,ifname=en0" \
  -nographic

Configure Linux

Tor

To install the Tor service on Alpine, we need to enable the community repository by uncommenting its line in /etc/apk/repositories. Install your favorite text editor (vim) and open the file:

apk add vim
vim /etc/apk/repositories

Now we’ll update the package index and install all the necessary packages.

apk update
apk add tor iptables

Open the Tor configuration file and enable the DNS and Trans ports, so we can forward all traffic through them.

vim /etc/tor/torrc

SOCKSPort 0
DNSPort 0.0.0.0:5353
TransPort 0.0.0.0:9040

Binding to 0.0.0.0 makes Tor listen on every interface of the virtual machine, so all devices on your local network can connect to the proxy.

Now we can start the Tor service and enable it at boot.

rc-update add tor
rc-service tor start

Confirm the Tor service is running with rc-status. You should see something like this:

localhost:~# rc-status
Runlevel: default
 crond                    [  started  ]
 tor                      [  started  ]
 acpid                    [  started  ]
 chronyd                  [  started  ]
 sshd                     [  started  ]

Iptables

We only need to add 2 rules that will forward our traffic through Tor.

iptables -t nat -A PREROUTING \
  ! -i lo \
  -p udp \
  -m udp \
  --dport 53 \
  -j REDIRECT --to-ports 5353
iptables -t nat -A PREROUTING \
  ! -i lo \
  -p tcp \
  -m tcp \
  --tcp-flags FIN,SYN,RST,ACK SYN \
  -j REDIRECT --to-ports 9040

Then save them with:

rc-service iptables save
rc-service iptables start
rc-update add iptables
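
The redirect only works if the --to-ports values in the two rules match the DNSPort and TransPort set in torrc. The following check is an added example, not part of the original post; the function names and the sample input are made up for illustration, and the sample mirrors the configuration above.

```sh
# Added example (not from the original post): verify that the ports in torrc
# match the REDIRECT targets in the nat table. Function names are hypothetical.

# Print the port of the first "KEY [addr:]port" line in torrc text $2.
torrc_port() {
  printf '%s\n' "$2" |
    awk -v k="$1" '$1 == k { n = split($2, a, ":"); print a[n]; exit }'
}

# Print "dport to-port" of the first PREROUTING REDIRECT rule for protocol $1
# in iptables-save text $2 (dport is "any" when the rule has no --dport).
redirect_rule() {
  printf '%s\n' "$2" | awk -v p="$1" '
    $1 == "-A" && $2 == "PREROUTING" && /-j REDIRECT/ {
      proto = ""; dport = "any"; to = ""
      for (i = 1; i < NF; i++) {
        if ($i == "-p") proto = $(i + 1)
        if ($i == "--dport") dport = $(i + 1)
        if ($i == "--to-ports") to = $(i + 1)
      }
      if (proto == p) { print dport, to; exit }
    }'
}

# check_proxy TORRC_TEXT RULES_TEXT: print findings; return 0 only if DNS
# (udp/53) lands on DNSPort and all new TCP connections land on TransPort.
check_proxy() {
  rc=0
  want_udp="53 $(torrc_port DNSPort "$1")"
  want_tcp="any $(torrc_port TransPort "$1")"
  got_udp=$(redirect_rule udp "$2")
  got_tcp=$(redirect_rule tcp "$2")
  if [ "$got_udp" = "$want_udp" ]; then echo "ok: udp $got_udp"
  else echo "MISMATCH: udp rule '$got_udp', expected '$want_udp'"; rc=1; fi
  if [ "$got_tcp" = "$want_tcp" ]; then echo "ok: tcp $got_tcp"
  else echo "MISMATCH: tcp rule '$got_tcp', expected '$want_tcp'"; rc=1; fi
  return $rc
}

# Constructed sample input mirroring the configuration in this tutorial.
SAMPLE_TORRC='SOCKSPort 0
DNSPort 0.0.0.0:5353
TransPort 0.0.0.0:9040'
SAMPLE_RULES='*nat
-A PREROUTING ! -i lo -p udp -m udp --dport 53 -j REDIRECT --to-ports 5353
-A PREROUTING ! -i lo -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
COMMIT'

check_proxy "$SAMPLE_TORRC" "$SAMPLE_RULES"
# On the VM: check_proxy "$(cat /etc/tor/torrc)" "$(iptables-save -t nat)"
```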

macOS

Now go back to your macOS terminal and change your default gateway to the virtual machine. Remember to replace the IP with your virtual machine’s IP.

sudo route change default 192.168.1.140

Again, visit https://check.torproject.org. If you run into an issue and want to revert your connection, change the default route back to 192.168.1.1.

If everything is working in the browser, also check the terminal:

curl ifconfig.net

Congratulations

All your traffic goes through Tor, congrats. If I missed something, please let me know on my Twitter :)