Cheap VPS & Xen Server

Residential Proxy Network - Hourly & Monthly Packages

How To Set Up A TOR Middlebox Routing All VirtualBox Virtual Machine Traffic Over The TOR Network

This tutorial will show you how to reroute all traffic for a virtual machine through the Tor network to ensure anonymity. It assumes a standalone machine with a Linux OS, and VirtualBox installed. In this case, we’ll be using Ubuntu on the host machine.

Thanks to

All commands on the host machine should be run as root (sudo or su.


Step 1 – Add A Bridge Interface For Your Virtual Machine (VM) On The Host Machine (HM)

# apt-get install bridge-utils

Add the following to /etc/network/interfaces:

# VirtualBox NAT bridge
auto vnet0
iface vnet0 inet static
 bridge_ports none
 bridge_maxwait 0
 bridge_fd 1
 up iptables -t nat -I POSTROUTING -s -j MASQUERADE
 down iptables -t nat -D POSTROUTING -s -j MASQUERADE

Start the bridge interface:

# ifup vnet0


Step 2 – Setup DHCP And DNS For Clients

# apt-get install dnsmasq

Edit /etc/dnsmasq.conf to include:


Start the daemon:

# /etc/init.d/dnsmasq restart


Step 3 – Install And Set Up TOR


Edit /etc/tor/torrc and add:

AutomapHostsOnResolve 1
TransPort 9040
DNSPort 53

Restart TOR:

#/etc/init.d/tor restart

Create and edit on the HM:


# destinations you don't want routed through Tor

# Tor's TransPort

# your internal interface

iptables -F
iptables -t nat -F

for NET in $NON_TOR; do
 iptables -t nat -A PREROUTING -i $INT_IF -d $NET -j RETURN
iptables -t nat -A PREROUTING -i $INT_IF -p udp --dport 53 -j REDIRECT --to-ports 53
iptables -t nat -A PREROUTING -i $INT_IF -p tcp --syn -j REDIRECT --to-ports $TRANS_PORT

and run it:



Step 4 – Set Up The Virtual Machine On The HM

Open VirtualBox, start the machine. Go to Devices > Network Adapter. Disable all network adapters except Adapter 1.

Set the following options:

Attached to: Bridged Adapter
Name: vnet0
Click OK.

Finally make sure your virtual machine gets its IP address via DHCP, and refresh the DHCP client/reboot the VM. It should have an IP in the range 172.16.0.n, name resolver and gateway