I'm working on setting up something very similar for one of our clients, for exactly the same reason. Smoothwall, once you implement it, will of course allow you to do this. I ended up using Zentyal for our client. Configuration was straightforward, I threw in an extra NIC and bridged them for throughput, then set up a transparent proxy so I wouldn't have to do any individual configuration. I'm actually waiting to implement it until they have the final release of 3.0 (out on Sept. 13th) as it will be based on Ubuntu 12.04 instead of 10.04, and looks to clear up some of the web-based management lag. Might be worth checking out.