Thanks a lot Brian1, but I found my way.
I managed to do it.
I will write a tutorial soon,
but meanwhile this may help you.
OK, first remember I am talking about a proxy, not a router or a firewall.
This means packets do not flow through. Packets arrive at the proxy, and the proxy recreates new packets that it sends to the destination.
So when you are manipulating outgoing packets, you have no way of knowing on what IP address the proxy received them.
So here is my current working solution (it may not be the best, I'll explain later what would be the best solution).
ok ...
So I created 1 user per IP address (I have 20):
prox0 UID (user id) 500
prox1 UID 501
prox2 UID 502
.....
Then I started 1 instance of my proxy server for every single IP address, each one running under a different user, each one listening on a different IP address.
(Starting 20 instances of SS5 (SOCKS5) was easy, but 20 instances of squid was more difficult, but I won't explain here how I did it.)
And finally,
I am marking the packets depending on which user created them, and I do some SNAT (Source Network Address Translation) to set it to the desired IP address.
iptables -t mangle -A OUTPUT -m owner --uid-owner 500 -j MARK --set-mark 100
iptables -t nat -A POSTROUTING -m mark --mark 100 -j SNAT --to-source 135.135.135.1
iptables -t mangle -A OUTPUT -m owner --uid-owner 501 -j MARK --set-mark 200
iptables -t nat -A POSTROUTING -m mark --mark 200 -j SNAT --to-source 135.135.135.1
.........
It works like a dream!
Now, I said that this solution is not the best; here is why.
Technically, if the proxy is well coded it should create its packets with SRC = the IP address it was bound to.
(The routing table will later rewrite it with the default (first) IP address.)
So in theory, we could mark the packet according to the SRC header, then after the routing table has done its stuff,
rewrite the SRC header to what it was originally.
This method would not save me from starting 20 instances of my proxy, but I would not need to start every single one of them under a different user.
But I failed trying to proceed this way. It may be for one of the following reasons:
-the proxy is badly coded and does not put a SRC header, or the first IP address in it (eth0).
-before doing this project I did not know anything about routing, so I may simply have failed because of my lack of experience.
-iptables may be bugged and fail to detect the SRC header of outgoing packets.
While I am writing this I realise that according to the graphic I have beside me, there is nothing between 'local process' and 'routing decision', so that may be it.
With any of those techniques, I could send the packets to different routing tables instead of doing SNAT. I don't see why sending packets to different tables would be better ... or worse....
Anyway, my technique involves fewer keystrokes!
I hope this helps!
I see you have a lot of links to tutorials, and I went through a lot myself, but here is the one that helped me the most! I don't know if it is already part of your list.
http://iptables-tutorial.frozentux.n...-tutorial.html
By the way, you are not allowed to use this knowledge unless you claim around the world that I am a genius!
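
The per-user mark and SNAT pairs described in the post above can be generated rather than typed twenty times, with a check that every mark that is set is also matched. This is an added example, not part of the original post; the function names, the mark numbering rule and the 192.0.2.x addresses are assumptions made for illustration, and the script only prints the rules instead of applying them.

```shell
#!/bin/sh
# Added example: emit (not apply) one MARK + SNAT rule pair per proxy user.
# Assumptions: UIDs are consecutive from BASE_UID (prox0 = 500 as in the post),
# marks follow the post's 100, 200, ... pattern, and the addresses used at the
# bottom are constructed documentation addresses, not the poster's.

BASE_UID=500

# gen_rules ADDR... : print two iptables commands per address
gen_rules() {
    i=0
    for addr in "$@"; do
        # Reject input containing anything other than digits and single dots
        case "$addr" in
            *[!0-9.]*|*..*|.*|*.|"") echo "bad address: $addr" >&2; return 1 ;;
        esac
        uid=$((BASE_UID + i))
        mark=$(( (i + 1) * 100 ))
        # The same $mark goes into both rules; if they differ, SNAT never fires
        echo "iptables -t mangle -A OUTPUT -m owner --uid-owner $uid -j MARK --set-mark $mark"
        echo "iptables -t nat -A POSTROUTING -m mark --mark $mark -j SNAT --to-source $addr"
        i=$((i + 1))
    done
}

# check_rules: read rules on stdin, fail if a mark is set but never matched,
# or matched but never set
check_rules() {
    awk '
        { for (f = 1; f < NF; f++) {
              if ($f == "--set-mark") set[$(f+1)] = 1
              if ($f == "--mark")     used[$(f+1)] = 1 } }
        END { for (m in set)  if (!(m in used)) { print "mark " m " set but never matched"; bad = 1 }
              for (m in used) if (!(m in set))  { print "mark " m " matched but never set"; bad = 1 }
              exit bad + 0 }'
}

# Constructed sample run: three addresses, rules printed only if consistent
rules=$(gen_rules 192.0.2.1 192.0.2.2 192.0.2.3)
printf '%s\n' "$rules" | check_rules && printf '%s\n' "$rules"
```

Review the printed rules before piping them to a root shell; `check_rules` can also be fed hand-written rules to spot a mismatched mark.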