Privoxy and Tor

I have been trying to get privoxy to work with the transparent tor i have going on but without success,
its a bit of a complicated situation i have but am hoping for it to remain transparent aswell and preferbly with a switch in openwrt gui to enable or disable privoxy if possible ie stop privoxy it will remain using tor.
This is the setup i got going
What i basically tried in setup privoxy socks5t to and
same for the listening ports and messed around with forwarding ports but all without luck.

Thanks in advance.

I'm confused as to why you need a second proxy software, when Tor provides 2 types. I don't see how Privoxy works here?


As you already note, you want the the traffic to keep going thru Tor anyways... :confused:

Why not use the SOCKS5 proxy in Tor?!?!

Maybe you should explain your use case?

:bulb: (Also BTW, the OpenWrt Tor Wiki shows how to auto capture the traffic into Tor thru firewalling.)

1 Like

So the idea is since tor does not filter ads (i got adblock in) to have privoxy alter the websites and remove ads there aswell, im pretty sure this will break some sites thats why i nice stop of the service while tor remains intact would be perfect. With trying to get wifi over tor to work people already helped me as that wiki is aimed at people who use open-wrt as a router initially it was setup as a switch so now its sort of half a router (so tor over wifi works) and lan is handled by my other router that part is still in "switch" mode.

I don't understand this...unless you're simply trying to anonymize your DNS requests too. Just have DNS lookups as normal and; only route browsing into Tor.

Is this a separate question?

1 Like

I already run dnscrypt so adblock works and no wasnt a seperate question just what already happened here on the forum some days ago getting me setup so tor over wifi works.Now i just wanna add privoxy to it so ads will also be removed from webpages aswell atleast thats the idea.

1 Like

So what is your issue?

I apologize, I'm not being difficult, it's hard to understand "what the OP is solving".

  • Connect Priovoxy to the working Tor
  • I assume Privoxy can setup DNS servers...but then you said you use DNSCrypt???

No worries already appreciate the help and insight.
So not sure im actually solving anything more a thing i wanna try.
So right now its wifi over tor + adblock with dnscrypt else that adblock didnt work.
This setup works fine it blocks most ads at the dns level so thats good sofar.
Now i wanted to add privoxy to this so privoxy modifies the empty boxes or what the dns missed removed that from the website then goes through tor to sent the final results to me.
And since the setup for me was complicated enough that i needed help with wifi over tor i provided the pastebin with the config of the setup.

Edit: yes exactly connect privoxy to the working tor i did this in the setup (socks5t) but it doesnt work
so to make sure privoxy isnt just there for show i put in the proxy address of privoxy on pc and traffic shows in the logs of privoxy just not when using wifi devices its tor only privoxy i dont know why it gets ignored.

I meant get it working first, so that would be "no".


Is this a reference to another thread again?

No just this thread this is the thread where i asked for help on how i can get privoxy to work with tor on the setup i got. With the edit i thought you ment simply point privoxy to tor with the sock5t and all will work which isnt the case.

Can we see the relevant configs that [improperly don't] direct this traffic into Tor?

(Disregard...I see you posted something in UCI syntax, I know the file-edit method taking some time to I also have to guess what said "relevant configs" would be :slightly_frowning_face: ).

...sending traffic to the proper place I assumed was done and you just wanted non encrypted-encrypted DNS or something. My apologies.

The dns is fine the pastebin i copied in an earlier reply is the current setup i have.
Im pretty sure what i tried with the redirect traffic is where things also went wrong i kept breaking more then doing good so gave up posted here for help and restored to the previous (these) settings.

Edit: After some more fiddling today i got it working finally thanks again for all those who chimed in.
Edit2: ok it didnt work ipad was being stupid thought i finally had it help still welcome lol.

1 Like

Hi HellsAngel79,

I've running Tor & Privoxy for years on OpenWrt.
You should NOT use DNS when using Tor :wink:
All clients need proxy adjustments, or no internet is available.
Or you only want Tor active on wlan? Normally on all LAN side (lan & wlan) you should run Tor.
My clients only get ip,subnet & gateway. NO DNS!
Client requests first go through Privoxy, then through Tor to internet.

Privoxy settings:
Forwarding Socks 5t:
/ .
( Space after last dot ! This is the clients Socks 5t redirect ip:port )

Firewall, Custom Rules active (last 2 rules):

# Redirection rules for Transparent Tor
iptables -t nat -A PREROUTING -i lan -p udp –dport 53 -j REDIRECT –to-port 9053
iptables -t nat -A PREROUTING -i lan -p tcp –syn -j REDIRECT –to-port 9040


You can intercept DNS traffic with firewall and redirect it to Dnsmasq.
Then filter ads with Adblock and forward requests to Tor.

1 Like

Thank you for the replies the reason i use dns is for adblock tor makes it useless and the way i have that working now is with dnscrypt so anonimity is still fine while adblock does its thing.
ive tried / . aswell it doesnt work atleast for me the slight success ive had is messing around with port forwarding i want it to be transparent no messing around in browsers that http sites did work ie but https everything else basically fails and i dont know why.

Im not quite sure why dnscrypt and adblock work with the settings i got but as far as i can tell and test with a site here and there it does so im just gonna leave that alone as it seems to work.

Edit: i have tried the commands provided but they error out.
root@OpenWrt:~# iptables -t nat -A PREROUTING -i lan -p udp .dport 53 -j REDIRECT .to-port 9053
Bad argument .dport' Try iptables -h' or 'iptables --help' for more information.
root@OpenWrt:~# iptables -t nat -A PREROUTING -i lan -p tcp .syn -j REDIRECT .to-port 9040
Bad argument .syn' Try iptables -h' or 'iptables --help' for more information.
Edit2: ok i see it translated the - to . but replacing that still error im not familiar at all with commands so not sure why that is.
iptables -t nat -A PREROUTING -i lan -p udp -dport 53 -j REDIREC
T -to-port 9053

Edit3: Tried putting it in firewall > custom rules. turned off the router and back on disabled all other portforwarding rules i had before and it doesnt work at all.Looked in system and kernel log to see if the 2 custom rules would show up there they dont im not sure this is normal or not.


The commands should indeed be written in web-GUI / Firewall settings / Custom commands, maybe with double dash '--' (not a dot.):

The first line:

should be - with your own router's IP, of course - in Privoxy's settings, as below:

And for Tor usage I also use a virtual Network Interface, with no device attached (and whatever ip).
Within /etc/config/network:

config interface 'tor'
        option proto 'static'
        option ipaddr ''
        option netmask ''
        option delegate '0'

File torrc also needs some adjustments before all works fine.
Itself has a rather good explanation how to configure / use.

Oeps that's not good, hopefully you have them backed up.
Maybe my screen example above helps.


Thanks for the insight i did see the forum did translate another - to a weird longer stripe so i went ahead and replaced them the result still the same nothing works. i have the right ip in privoxy i dont wnna mess with the "config interface" stuff as i bet that would break everything thats why i posted the config i have running as its an odd one.Ill take a look at that torrc file i thought that would be fine as wifi+tor just works fine just when i add privoxy in it nothing works or only http sites which barely excist.

Also in privoxy i seem to get socks5t-forward error 503 negotiation got aborted by the server.
i do have this in the file for tor SOCKSPolicy accept router ip is on


From my virtual OpenWrt Tor Network, file: torrc has been adjusted:

SOCKSPort                 # Default: Bind to localhost:9050 for local connections.
VirtualAddrNetwork          # The virtual Tor ip on OpenWrt
AutomapHostsSuffixes .onion,.exit
AutomapHostsOnResolve 1
TransPort 9040
DNSPort 9053

Privoxy log (start):

2021-02-26 10:53:38.041 7fa9a49b9d68 Info: Privoxy version 3.0.28
2021-02-26 10:53:38.041 7fa9a49b9d68 Info: Program name: /usr/sbin/privoxy
2021-02-26 10:53:38.041 7fa9a49b9d68 Info: Loading filter file: /etc/privoxy/default.filter
2021-02-26 10:53:38.042 7fa9a49b9d68 Info: Loading actions file: /etc/privoxy/match-all.action
2021-02-26 10:53:38.042 7fa9a49b9d68 Info: Loading actions file: /etc/privoxy/default.action
2021-02-26 10:53:38.044 7fa9a49b9d68 Info: Listening on port 8118 on IP address

/var/log/notices (Tor log):

# cat /var/log/tor/notices.log
Feb 26 10:51:27.000 [notice] Tor opening new log file.
Feb 26 10:51:27.235 [notice] We compiled with OpenSSL 1010109f: OpenSSL 1.1.1i  8 Dec 2020 and we are running with OpenSSL 1010109f: 1.1.1i. These two versions should be binary compatible.
Feb 26 10:51:27.246 [notice] Tor running on Linux with Libevent 2.1.11-stable, OpenSSL 1.1.1i, Zlib 1.2.11, Liblzma N/A, Libzstd N/A and Unknown N/A as libc.
Feb 26 10:51:27.246 [notice] Tor can't help you if you use it wrong! Learn how to be safe at
Feb 26 10:51:27.246 [notice] Read configuration file "/tmp/torrc".
Feb 26 10:51:27.247 [notice] Processing configuration path "/etc/tor/torrc" at recursion level 1.
Feb 26 10:51:27.247 [notice] Including configuration file "/etc/tor/torrc".
Feb 26 10:51:27.249 [notice] You configured a non-loopback address '' for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Feb 26 10:51:27.249 [notice] Opening Socks listener on
Feb 26 10:51:27.249 [notice] Opened Socks listener connection (ready) on
Feb 26 10:51:27.249 [notice] Opening DNS listener on
Feb 26 10:51:27.249 [notice] Opened DNS listener connection (ready) on
Feb 26 10:51:27.249 [notice] Opening Transparent pf/netfilter listener on
Feb 26 10:51:27.249 [notice] Opened Transparent pf/netfilter listener connection (ready) on
Feb 26 10:51:27.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Feb 26 10:51:27.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Feb 26 10:51:27.000 [notice] Bootstrapped 0% (starting): Starting
Feb 26 10:51:27.000 [notice] Starting with guard context "default"
Feb 26 10:51:28.000 [notice] Bootstrapped 5% (conn): Connecting to a relay
Feb 26 10:51:29.000 [notice] Bootstrapped 10% (conn_done): Connected to a relay
Feb 26 10:51:29.000 [notice] Bootstrapped 14% (handshake): Handshaking with a relay
Feb 26 10:51:52.000 [notice] Bootstrapped 95% (circuit_create): Establishing a Tor circuit
Feb 26 10:51:52.000 [notice] Bootstrapped 100% (done): Done

Configure interface, is just 'Add new interface' on GUI with only an ip address (for Tor), no device attached. This should not interfere with existing interfaces.

Also the Firewall Zone settings should have the Tor interface (accept accept rejected)

This work for me already more than 5 years. Even after updates of Privoxy, OpenWrt and Tor.


Ok that helped immensily i dont have the tor log in var/log/notices or anywhere there.
I somehow keep getting refused by tor just tried to set it up as a proxy in firefox but connection refused.
A log file would be helpfull i bet, ran a full ftpsearch (i dont know commands let alone linux) "notices" does not excist.So i have no idea why its refusing when i have 2 socksports specified. This is on a fritzbox 4040 im not sure this matters but id almost blame the tor here.
Any ideas still welcome as to what i can try but i think all is covered now it just refuses it when it shouldnt.

Normally Tor writes its log to syslog.
It's in torrc file, to set the log to /var/log/notices.log.

## Send all messages of level 'notice' or higher to /var/log/tor/notices.log
Log notice file /var/log/tor/notices.log
## Send every possible message to /var/log/tor/debug.log
#Log debug file /var/log/tor/debug.log
## Use the system log instead of Tor's logfiles
#Log notice syslog
## To send all messages to stderr:
#Log debug stderr

Btw, I've OpenWrt with Privoxy & Tor also running on a Fritz!Box4040 :wink:
And on ZyXEL P-2812HNU-F1 and on virtual machines...


Ah ok so cant blame the fritz then lol.ive tried top and ps i dont see tor running not sure this is normal.
also dont know a better way to filter tor as a running process if its running or not.