All traffic originating from [[Whonix-Workstation|{{project_name_workstation_long}}]] and [[Whonix-Gateway|{{project_name_gateway_long}}]] is routed over [[Tor]]. <ref>
Starting from {{project_name_short}} version <code>0.2.1</code>, traffic from {{project_name_gateway_short}} is also routed over Tor. This approach conceals the use of {{project_name_short}} from entities monitoring the network.
</ref> <ref>
For preserving the anonymity of a user's {{project_name_workstation_short}} activities, it isn't essential to route {{project_name_gateway_short}}'s own traffic through Tor.
</ref> <ref>
For those interested: Altering DNS settings on {{project_name_gateway_short}} in <code>/etc/resolv.conf</code> only impacts DNS requests made by {{project_name_gateway_short}}'s applications that utilize the system's default DNS resolver. By default, no applications on {{project_name_gateway_short}} that generate network traffic utilize this default resolver. All default applications on {{project_name_gateway_short}} that produce network traffic (like apt, [https://www.kicksecure.com/wiki/Systemcheck systemcheck], [[sdwdate]]) are explicitly configured, or forced by uwt wrappers, to use their dedicated Tor <code>SocksPort</code> (refer to [[Stream Isolation]]).
</ref> <ref>
{{project_name_workstation_short}}'s default applications are configured to use dedicated Tor <code>SocksPorts</code> (see [[Stream Isolation]]), avoiding the system's default DNS resolver. Any applications in {{project_name_workstation_short}} not set up for stream isolation - such as <code>nslookup</code> - will employ the default DNS server configured in {{project_name_workstation_short}} (through <code>/etc/network/interfaces</code>), which points to {{project_name_gateway_short}}. These DNS requests are then redirected to Tor's DnsPort by the {{project_name_gateway_short}} firewall. Changes in {{project_name_gateway_short}}'s <code>/etc/resolv.conf</code> don't influence {{project_name_workstation_short}}'s DNS queries.
</ref> <ref>
Traffic produced by the Tor process (which by Debian's default runs under the user <code>debian-tor</code>) and originating from {{project_name_gateway_short}} can access the internet directly. This is permitted because the Linux user account <code>debian-tor</code> is exempted in the [[{{project_name_gateway_short}}_Firewall|{{project_name_gateway_short}} Firewall]] and allowed to use the "regular" internet.
</ref> <ref>
As of Tor version <code>0.4.5.6</code> (with no changes announced at the time of writing), the Tor software predominantly relies on TCP traffic. For further details, see [[Tor#UDP|Tor wiki page, chapter UDP]]. For DNS, please refer to the next footnote.
</ref> <ref>
Tor neither depends on nor uses a functional (system) DNS for most of its operations. IP addresses of Tor directory authorities are hardcoded in the Tor software by Tor developers. Exceptions are:

* Proxy settings that use proxies with domain names instead of IP addresses.
* Some Tor pluggable transports, such as meek lite, which resolves the domains set in <code>url=</code> and <code>front=</code> to IP addresses, or snowflake with its <code>-front</code> domain.
</ref>