generally Tor will appempt to connect on 443, 9001 and possibly others for traffic, but that depends on the remote node its connecting to (nodes can specify their port). you only need to open/forward if you plan on receiving unsolicited traffic - still a good idea, but Tor should have the ability to initiate traffic to remote hosts on a few ports (e.g. 443, others) to establish a connection to the Tor network.

9050 is your socks proxy - so protect it. if your nftables is blocking localhost:9050/TCP then you need to correct that.

your applications then connect to localhost:9050 and Tor will proxy traffic for them.

edit: take a look at your Tor logs and see what its telling you. Tor usually produces reasonable quality logs for troubleshooting.

edit edit: if you are just looking to browse via Tor, an easier, more secure out of the box option is the Tor browser bundle. anonymity can be accidently broken, for anyone - even the most careful. if this is just a learning exercise, then carry on :-)