Resolving .onions when not all traffic is eaten by tor
Created on 2021-01-11T22:35:39-06:00
NOTE that mixing clearnet and an overlay net is asking to fuck up eventually: anything the rules below do not catch (a program that looks up .onion names through some resolver other than this unbound, or that does its own name resolution) leaks the name, and possibly the traffic, to the clearnet.
With AutomapHostsOnResolve enabled, tor answers DNS lookups of .onion names with made-up addresses from a virtual subnet (VirtualAddrNetworkIPv4, default 127.192.0.0/10; VirtualAddrNetworkIPv6, default [FE80::]/10) and remembers which .onion each address stands for. Nothing actually lives at those addresses, so use a firewall rule to force TCP traffic destined for them into the TransPort of the tor router, which turns the virtual address back into the onion circuit.
Add nat rules to force traffic to the virtual subnet through tor (tcp only: tor cannot carry UDP, so UDP to those addresses simply fails):

    iptables  -t nat -A OUTPUT -p tcp -d 127.192.0.0/10 -j REDIRECT --to-ports 9040
    ip6tables -t nat -A OUTPUT -p tcp -d FE80::/10       -j REDIRECT --to-ports 9040
Need to enable the transparent proxy port in tor, plus the DNSPort that unbound forwards to (9053 below) and the automapping that hands out the virtual addresses; none of these are on by default. REDIRECT rewrites locally generated packets to 127.0.0.1 (::1 for the ip6tables rule), so tor has to listen on both loopback addresses for the IPv6 rule to do anything:

    TransPort 9040
    TransPort [::1]:9040
    DNSPort 9053
    AutomapHostsOnResolve 1
    VirtualAddrNetworkIPv4 127.192.0.0/10
    VirtualAddrNetworkIPv6 [FE80::]/10

The two VirtualAddrNetwork lines are the defaults; they are spelled out so the torrc and the nat rules visibly agree. If you change one, change the other.
These options need to be in the server: section of unbound.conf:

    server:
        # the forwarder for onion. is on 127.0.0.1, which unbound refuses to query by default
        do-not-query-localhost: no
        # tor's DNSPort only answers UDP
        tcp-upstream: no
        # there is no DNSSEC chain for onion.; don't mark the answers bogus
        domain-insecure: "onion."
        # let answers under onion. carry the 127.192.0.0/10 addresses even if private-address filtering is on
        private-domain: "onion."
        # drop unbound's built-in onion. zone (RFC 7686 NXDOMAIN) so the query reaches the forward-zone
        local-zone: "onion." nodefault
Add a forwarding zone in unbound.conf that hands everything under onion. to tor's DNSPort and never falls back to normal recursion (forward-first: no), which would otherwise send the .onion name to the clearnet:

    forward-zone:
        name: "onion."
        forward-addr: 127.0.0.1@9053
        forward-first: no
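The whole scheme only works if the address unbound hands back for a .onion name lands inside the subnet the nat rule redirects; if tor's DNSPort is down, unbound's built-in onion. zone is still active, or VirtualAddrNetworkIPv4 and the rule disagree, the failure is silent. The check below is an added example, not part of the original note: it resolves a name through the local unbound, tests the answer against the virtual subnet with plain shell arithmetic, and confirms a matching REDIRECT rule exists. It assumes unbound on 127.0.0.1:53, the default VirtualAddrNetworkIPv4 of 127.192.0.0/10, and `dig` and `iptables` on PATH; the .onion name is passed in as the only argument.

```shell
#!/bin/sh
# Added example: end-to-end sanity check for transparent .onion routing.
# Assumptions (not from the original note): unbound listens on 127.0.0.1:53,
# tor uses the default VirtualAddrNetworkIPv4 of 127.192.0.0/10, and both
# `dig` and `iptables` are available. Only IPv4 is checked.

VIRT_NET="127.192.0.0/10"   # must match VirtualAddrNetworkIPv4 and the nat rule

# ip4_to_int A.B.C.D -> prints the address as an unsigned 32-bit integer
ip4_to_int() {
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr ADDR NET/PREFIX -> exit 0 if ADDR lies inside the CIDR block
in_cidr() {
    addr=$(ip4_to_int "$1") || return 1
    net=$(ip4_to_int "${2%/*}") || return 1
    prefix=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# resolved_onion_addr NAME -> prints the first A record unbound returns for NAME
resolved_onion_addr() {
    dig +short @127.0.0.1 "$1" A | grep -E '^[0-9.]+$' | head -n 1
}

# nat_redirect_present NET -> exit 0 if the nat OUTPUT chain has a REDIRECT for NET
nat_redirect_present() {
    iptables -t nat -S OUTPUT 2>/dev/null | grep -q -- "-d $1 .*-j REDIRECT"
}

# check_onion NAME -> prints what failed and exits 1, or prints OK and exits 0
check_onion() {
    addr=$(resolved_onion_addr "$1")
    if [ -z "$addr" ]; then
        echo "FAIL: unbound returned no A record for $1 (DNSPort down, or built-in onion. zone still active?)"
        return 1
    fi
    if ! in_cidr "$addr" "$VIRT_NET"; then
        echo "FAIL: $1 -> $addr is outside $VIRT_NET; the REDIRECT rule will never match it"
        return 1
    fi
    if ! nat_redirect_present "$VIRT_NET"; then
        echo "FAIL: no REDIRECT rule for $VIRT_NET in the nat OUTPUT chain"
        return 1
    fi
    echo "OK: $1 -> $addr, inside $VIRT_NET and covered by the REDIRECT rule"
}

# usage: sh check_onion.sh somename.onion
if [ $# -eq 1 ]; then
    check_onion "$1"
fi
```

Run it as root (iptables -S needs it) after loading the rules and restarting tor and unbound. A name that resolves to 127.0.0.1 or to a public address is the classic sign that unbound answered from its default local zone or forwarded the query upstream, i.e. the name just went to the clearnet.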