This is basically my home LAN setup. I have a gateway running PF. I read that the only program that should run on a Packet Filtering machine is Packet-Filter. Here I found this how-to "Dansguardian Setup with ClamAV Content Filtering & Squid Transparent Proxy". Should I use an additional machine and insert it between the Packet-Filter gateway and the internal LAN and install these programs on that machine? I think the machine will need two ETHERNET cards just like the gateway and than I add two cross-over cables to make the connection. Is this about right? Latter I want to ssh and ipec to the LAN from a laptop for practice, so are there other programs I need to install so it be ready? If so, would it be OK to install these types of other programs to the new Dansguardian machine (making it like an all-in-one IDS system)?
Machine-1 FreeBSD 8.0-i386 Gateway-pf Firewall
Machine-2 Windows XP Mainly for internet Access
Machine-3 FreeBSD 8.0-AMD Webserver + e-mailserver
Machine-4 Partitions for KVM and ESX To study both KVM and ESX