Pi-hole on a gateway Ubuntu server w/ proxy + firewall

I'm looking to embark on a more-than-one-weekend project: having a gateway server between my router and modem. I know LAN very well, but I'm a bit sketchy when it comes to LAN-to-WAN. I know that my ISP has some basic firewall filtering on their end, and I'm aware there is a risk of DMZing a box.

The plan I've come up with is to point my gateway to eth0 of the gateway server and have it flow out of eth1.

Inside of the gateway I would like to set up Pi-hole as a first line of defense to filter out some of the noise to the proxy server.

I've never set up a proxy server, but I know what they are used for. I also do not know whether, by setting up a proxy server on the WAN side of the router, I'll need to set up browsers for the proxy. If this is the case, then I won't be doing a proxy server, due to guests on my network. At the moment I am considering Squid for the proxy since it has web cache abilities.

I want to include OpenVPN and push the traffic off to OpenDNS for further filtering of malware domains.

I also plan to use iptables (or suggested firewall) along with Snort (or suggested IPS/IDS) to block non-associated traffic from the web.

The only reason I haven't just decided to go with pfSense is because I want the ability to run scans on my network and capture traffic using nmap and Wireshark.

Has anyone attempted this kind of setup, or have any suggestions regarding the setup, red flags, or alternative software that I might use? If you know of any helpful links other than the main wiki/documentation, that would be helpful.

I'll take notes as I work on this and try to make a decent how-to guide once I'm done.
