Damn

now that I open few ports 9001

I see incoming connection that are dropped because they use totally diffrent ports

drop: IN=eth0 OUT= MAC=aMacadrs SRC=aIP DST=aMyIP LEN=64 TOS=0x00 PREC=0x00 TTL=48 ID=65508 DF PROTO=TCP SPT=443 DPT=50194 WINDOW=501 RES=0x00 ACK URGP=0

.

it’s weird in my nftable config file I have

type filter hook input priority 0; policy drop;
ct state established,related accept

Any ideas ?

generally Tor will appempt to connect on 443, 9001 and possibly others for traffic, but that depends on the remote node its connecting to (nodes can specify their port). you only need to open/forward if you plan on receiving unsolicited traffic - still a good idea, but Tor should have the ability to initiate traffic to remote hosts on a few ports (e.g. 443, others) to establish a connection to the Tor network.

9050 is your socks proxy - so protect it. if your nftables is blocking localhost:9050/TCP then you need to correct that.

your applications then connect to localhost:9050 and Tor will proxy traffic for them.

edit: take a look at your Tor logs and see what its telling you. Tor usually produces reasonable quality logs for troubleshooting.

edit edit: if you are just looking to browse via Tor, an easier, more secure out of the box option is the Tor browser bundle. anonymity can be accidently broken, for anyone - even the most careful. if this is just a learning exercise, then carry on :-)