I have a squid instance running on my server which is connected to 192.168.178.0/24 through eth0 with 192.168.178.26 and serves as gateway for the LAN 192.168.179.0/24 through p18p1 with 192.168.179.1. I use
sudo iptables -t nat --append squid --match owner ! --uid-owner 171 -p tcp --dport 80 --jump DNAT --to 192.168.178.26:3128
sudo iptables -t nat --append PREROUTING -i p18p1 ! -s 192.168.179.1 -p tcp --dport 80 --jump DNAT --to 192.168.178.26:3128
sudo iptables --append FORWARD -s 192.168.179.0/24 -d 192.168.179.1 -i p18p1 -o p18p1 -p tcp --dport 3128 --jump ACCEPT
to redirect traffic from the LAN and the gateway to squid, which has a url_rewrite_program configured that then redirects requests for .deb packages to 192.168.178.26:3142, where apt-cacher-ng is listening and serving the request (171 is the ID of the apt-cacher-ng system user). This setup works well for the gateway and LAN clients running Ubuntu as well as VirtualBox machines with NAT or bridge networks. However, it does not work for Docker, no matter which --network mode is specified (I guess one can expect that since the virtualization is different from VirtualBox).
I tried
sudo iptables -t nat --append squid --match owner ! --uid-owner 171 -p tcp --dport 80 --jump DNAT --to 192.168.178.26:3128
sudo iptables -t nat --append PREROUTING -i docker0 ! -s 172.17.0.1 -p tcp --dport 80 --jump DNAT --to 192.168.178.26:3128
sudo iptables --append FORWARD -s 172.17.0.0/16 -d 172.17.0.1 -i docker0 -o docker0 -p tcp --dport 3128 --jump ACCEPT
but that has no effect (my test is sudo docker run -it --network="bridge" ubuntu:zesty and inside Docker I run apt-get update && apt-get install --yes gcc).
So, just to make sure: I don't want to run squid inside Docker. It's not a bad idea, but squid is working fine on the host and I don't want to touch this working system. Changing the Docker images (I assume I could simply add a few iptables statements to the startup routine) is not an option because they should still be usable on remote CI services.
I'm using squid SQUID_4_0_16-455-gc672a58b2 installed from source on Ubuntu 17.04.
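
For reference, a sketch of the kind of url_rewrite_program helper the setup above describes. This is an added example, not the poster's own helper. It assumes Squid's `OK rewrite-url="..."` / `ERR` helper replies and apt-cacher-ng's `http://cache:3142/<mirror-host>/<path>` URL form; the function name `rewrite` and the sample request lines in the checks are constructed.

```python
#!/usr/bin/env python3
"""Squid url_rewrite_program helper: send .deb downloads to apt-cacher-ng."""
import sys
from urllib.parse import urlsplit

# Cache address taken from the question; the "/<mirror-host>/<path>" layout
# appended to it is an assumption about how apt-cacher-ng is addressed.
CACHE = "192.168.178.26:3142"


def rewrite(line):
    """Return the helper reply for one request line received from Squid."""
    fields = line.split()
    prefix = ""
    # With helper concurrency enabled Squid sends a numeric channel-ID first;
    # it has to be echoed at the start of the reply.
    if fields and fields[0].isdigit():
        prefix, fields = fields[0] + " ", fields[1:]
    if not fields or '"' in fields[0]:
        return prefix + "ERR"          # ERR = leave the URL unchanged
    try:
        url = urlsplit(fields[0])
        host, port = url.hostname, url.port
    except ValueError:                 # malformed authority or port
        return prefix + "ERR"
    # Only plain-HTTP package downloads are rewritten; CONNECT requests,
    # index files and everything else pass through untouched.
    if url.scheme != "http" or not host or not url.path.endswith(".deb"):
        return prefix + "ERR"
    origin = host if port in (None, 80) else "%s:%d" % (host, port)
    if origin == CACHE:
        return prefix + "ERR"          # already aimed at the cache: avoid a loop
    target = "http://%s/%s%s" % (CACHE, origin, url.path)
    if url.query:
        target += "?" + url.query
    return '%sOK rewrite-url="%s"' % (prefix, target)


if __name__ == "__main__":
    # Squid keeps the helper running and expects one reply per request line,
    # so every reply is flushed immediately.
    for request in sys.stdin:
        print(rewrite(request), flush=True)
```
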