If you are wanting to use a virtual machine and take the associated risks, you should just just run Tor on the host and isolate everything in the VM from it. In virtualbox create a new virtual network adapter vboxnet0, it's internal IP address will probably be 192.168.56.1 now run Tor on the host in its torrc add this SocksListenAddress 192.168.56.1:9100 now when you make your virtual machine in its networking settings select to use host only routing with vboxnet0 inside the vm configure things using 192.168.56.1:9100 as the socks proxy. You need to weigh the risk and benefits of one the one hand using a virtual machine which is is likely to be much less secure than the OS would be running on non virtualized hardware, and having such a marvelously simple way of isolating your entire operating environment away from Tor and your external IP address. You are far better off using actual hardware isolation with a dedicated machine for Tor and a dedicated machine for your surfing, and indeed you are far better off using mandatory access controls and such for isolation, however these solutions are not as easy to configure and are much less convenient. For web servers I would seriously consider it since you are more concerned with an attacker being able to get the IP address than you are them being able to root the operating environment the server is running in, if you have plaintext addresses in the virtual machine it will negate the anonymity benefits of having isolated the operating environment from external IP addresses if the attacker manages to root you and deanonymize you anyway. For non root level anonymity bypass attacks though, such as pdfs or docs that phone home without taking unauthorized control of a system through a vulnerability, isolation like this is a simple way to perfectly protect yourself.