All traffic originating from [[Whonix-Workstation|{{project_name_workstation_long}}]] and [[Whonix-Gateway|{{project_name_gateway_long}}]] is routed over [[Tor]]. <ref>
Starting from {{project_name_short}} version <code>0.2.1</code>, traffic from {{project_name_gateway_short}} is also routed over Tor. This approach conceals the use of {{project_name_short}} from entities monitoring the network.
</ref> <ref>
To preserve the anonymity of a user's {{project_name_workstation_short}} activities, it is not essential to route {{project_name_gateway_short}}'s own traffic through Tor. (Note: The gateway is mainly a tool that helps route traffic; it does not typically contain personal activity data.)
</ref> <ref>
For those interested: altering DNS settings on {{project_name_gateway_short}} in <code>/etc/resolv.conf</code> only impacts DNS requests made by {{project_name_gateway_short}}'s applications that utilize the system's default DNS resolver. (DNS is like the internet's phonebook - it translates website names to IP addresses.) By default, no applications on {{project_name_gateway_short}} that generate network traffic use this default resolver. All default applications on {{project_name_gateway_short}} that produce network traffic (like apt, [https://www.kicksecure.com/wiki/Systemcheck systemcheck], [[sdwdate]]) are explicitly configured, or forced by uwt wrappers, to use their dedicated Tor <code>SocksPort</code> (refer to [[Stream Isolation]]).
</ref> <ref>
{{project_name_workstation_short}}'s default applications are configured to use dedicated Tor <code>SocksPorts</code> (see [[Stream Isolation]]), avoiding the system's default DNS resolver. Any applications in {{project_name_workstation_short}} not set up for stream isolation - such as <code>nslookup</code> - will use the default DNS server configured in {{project_name_workstation_short}} (through <code>/etc/network/interfaces</code>), which points to {{project_name_gateway_short}}. These DNS requests are then redirected to Tor's <code>DnsPort</code> by the {{project_name_gateway_short}} firewall. (This ensures DNS lookups still go through Tor even if they use the default method.) Changes in {{project_name_gateway_short}}'s <code>/etc/resolv.conf</code> do not influence {{project_name_workstation_short}}'s DNS queries.
</ref> <ref>
Traffic produced by the Tor process, which by Debian's default operates under the user <code>debian-tor</code> and originates from {{project_name_gateway_short}}, can access the internet directly. This is permitted because the Linux user account <code>debian-tor</code> is exempted in the [[{{project_name_gateway_short}}_Firewall|{{project_name_gateway_short}} Firewall]] and allowed to use the "regular" internet. (This is necessary for Tor to establish its connections.)
</ref> <ref>
As of Tor version <code>0.4.5.6</code> (with no changes announced at the time of writing), the Tor software predominantly relies on TCP traffic. (TCP is a common protocol used for stable internet connections.) For further details, see [[Tor#UDP|Tor wiki page, chapter UDP]]. For DNS, please refer to the next footnote.
</ref> <ref>
Tor does not depend on, nor use, a functional (system) DNS for most of its operations. IP addresses of Tor directory authorities are hardcoded in the Tor software by Tor developers. (That means Tor knows important addresses in advance and doesn't need to look them up.) Exceptions include:

* Proxy settings that use proxies with domain names instead of IP addresses.
* Some Tor pluggable transports, such as meek lite, which resolve domains set in <code>url=</code> and <code>front=</code> to IP addresses, or snowflake's <code>-front</code>.
</ref>