C++ / C#

IPTables, TOR, Transparent proxy. Why refused?

I do a transparent redirection of traffic to the Tor network on a router (debian).
Tor itself works on the router, if you connect to it as socks5, everything opens.
You can also connect to the hidden service from the tor network.
In /etc/tor/torrc config:

TransPort 9040
DNSPort 127.0.0.1:5300
VirtualAddrNetworkIPv4 172.16.0.0/12
AutomapHostsOnResolve 1
ExcludeExitNodes {RU}

HiddenServiceDir /var/lib/tor/sergey/
HiddenServicePort 22 127.0.0.1:22

Tor starts up, listens on ports:

[email protected]:/var/log# netstat -ntap|grep LIST|grep tor
tcp        0      0 127.0.0.1:9040          0.0.0.0:*               LISTEN      4271/tor            
tcp        0      0 127.0.0.1:9050          0.0.0.0:*               LISTEN      4271/tor

DNS works fine, .onion on clients in the locale resolves to the network 172.16.0.0/12
The iptables rules are simplified as much as possible:

#!/bin/sh
iptables -F
iptables -t nat -F

iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

iptables -t nat -A PREROUTING -i br0 -p tcp -d 172.16.0.0/12 -j LOG --log-prefix "REDIRECT to tor: "
iptables -t nat -A PREROUTING -i br0 -p tcp -d 172.16.0.0/12 -j REDIRECT --to-ports 9040

iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

The LOG action is just to see what packets are getting in.
br0 - interface to which the local network is connected, 192.168.143.0/24
eth1 - interface with the Internet
I try to connect:

# curl -v http://flibustahezeous3.onion/
*   Trying 172.18.168.66...
* connect to 172.18.168.66 port 80 failed: В соединении отказано
*   Trying febd:6df4:bc82:357d:c8f0:a28:bfbb:7964...
* Immediate connect fail for febd:6df4:bc82:357d:c8f0:a28:bfbb:7964: Недопустимый аргумент
*   Trying febd:6df4:bc82:357d:c8f0:a28:bfbb:7964...
* Immediate connect fail for febd:6df4:bc82:357d:c8f0:a28:bfbb:7964: Недопустимый аргумент
* Failed to connect to flibustahezeous3.onion port 80: В соединении отказано
* Closing connection 0
curl: (7) Failed to connect to flibustahezeous3.onion port 80: В соединении отказано

From browsers it also answers that ERR_CONNECTION_REFUSED.
The IPTables entry also appears in the log:

Sep  2 14:36:19 debian kernel: [ 2936.037786] REDIRECT to tor: IN=br0 OUT= MAC=bc:5f:f4:de:c9:28:10:0b:a9:2f:b8:44:08:00 SRC=192.168.143.12 DST=172.18.168.66 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=18431 DF PROTO=TCP SPT=57516 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0

Why does not it work?
Is there any way to track that the -j REDIRECT rule is working?
I tried to watch tcpdump -i lo net 172.16.0.0/12, nothing gets empty.
Looked at all interfaces:

[email protected]:/var/log# tcpdump -i any net 172.16.0.0/12
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
14:39:54.221000 IP 192.168.143.12.57528 > 172.18.168.66.http: Flags [S], seq 914463515, win 29200, options [mss 1460,sackOK,TS val 10980812 ecr 0,nop,wscale 7], length 0
14:39:54.221000 IP 192.168.143.12.57528 > 172.18.168.66.http: Flags [S], seq 914463515, win 29200, options [mss 1460,sackOK,TS val 10980812 ecr 0,nop,wscale 7], length 0
14:39:54.221034 IP 172.18.168.66.http > 192.168.143.12.57528: Flags [R.], seq 0, ack 914463516, win 0, length 0
14:39:54.221037 IP 172.18.168.66.http > 192.168.143.12.57528: Flags [R.], seq 0, ack 1, win 0, length 0

I have a suspicion that for some reason REDIRECT does not work and the packets go to the provider. How can this be checked?