In theory policy routing could be used (instead of DNAT), and squid should not have problems with this (would not refuse such requests). This solution is described here:
I tried to implement it but could not make it work. This solution seems simple but it becomes too complicated in case that it is applied to docker containers, because docker makes host iptables a mess.
Finally I gave up and made up my mind that there are no benefits of starting the container with its own namespace, especially because the implementation is much more complicated.
In theory policy routing could be used (instead of DNAT), and squid should not have problems with this (would not refuse such requests). This solution is described here:
I tried to implement it but could not make it work. This solution seems simple but it becomes too complicated in case that it is applied to docker containers, because docker makes host iptables a mess. Finally I gave up and made up my mind that there are no benefits of starting the container with its own namespace, especially because the implementation is much more complicated.