The standard solution is cluster and virtualization. With them "on the fly" you can do anything. It is clear that for such joy you need to have at least two identical servers.
It's not clear what "on the fly" means. DNS-DHCP-NAT-SQUID are configured in 15 minutes, further configuration will of course cause short-term Internet dumps (and even if you do not use squid reload, but rudely squid restart).
Your sandbox needs one external IP and another test machine.
As a distribution, I recommend openSUSE 13.2 in a minimal configuration (no graphics). The pseudographic YAST configurator does not differ in functionality from the graphic one.

Initially, you just need to raise nat on the server and change the addressing and gateway on the network. By itself, installing squid does not change anything for clients until you change the proxy settings in browsers. The same goes for most other services. Carefully, you only need to configure the firewall rules, where you can easily cut off everyone from the Internet.

Yes. You can run two squids with different configuration files and ports. The only problem is a transparent proxy, you will have to tinker a little here. Well, make a whitelist for machines that require NAT.

Try Proxmox
There and virtualization both at the level of containers and KVM (by the way, the latest Atom supports hardware virtualization)
You can test and have a working configuration on one machine.