If you have very long netfilter rules to filter out 100,000 blacklisted IP addresses, that can slow down connections. I think that DansGuardian and SquidGuard will use the Berkeley Database to hold the blacklist, which will speed things up, and they claim that they don't load down a computer too much. Also a proxy or transparent proxy server has more to do since it also examines the contents of the packets, and that takes time as well. A large installation that uses transparent proxies to block traffic might use a small rack of blade servers and squid to balance the number of connections between a number of processors. However, in your case this won't be necessary.
You may already be behind a transparent proxy without knowing it. Many ISPs run proxy servers to cache internet traffic in order to save bandwidth.
You might want to try using Google with the terms:
site:www.tldp.org proxy
There are distros that are designed to run on older retired machines and run as firewalls. It would also be better for security to use a dedicated machine. Such a machine would actually have very little installed, so it would run faster than it would if configured as a workstation. It probably wouldn't even have X Windows installed. If only the absolute minimum is installed, there are fewer potential targets of opportunity for hackers to try to attack. Then you can free your main workstation of these duties and, since it is entirely inside the firewall, be less paranoid about the services you offer to the LAN.
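The point made at the top of the post, that a flat chain of 100,000 netfilter rules is slower than a blacklist held in an indexed store such as the Berkeley DB, comes down to how the lookup is done: a rule chain is walked entry by entry until something matches, while an index answers in roughly constant time. The following added example (not code from the post or from any of the projects it mentions) models both lookups in Python with a constructed, synthetic blacklist so the cost difference can be measured offline; the address ranges and counts are assumptions chosen only for the demonstration.

```python
"""Linear rule chain vs indexed blacklist lookup (added illustration).

The blacklist below is constructed from the 10.0.0.0/8 range and is not
real threat data. Probe addresses come from 192.0.2.0/24 (TEST-NET-1), so
most probes miss, which is the worst case for a linear chain and also the
normal case for allowed traffic crossing a firewall.
"""
import ipaddress
import time


def build_blacklist(count: int) -> list:
    """Return `count` synthetic IPv4 addresses spaced 7 apart in 10.0.0.0/8."""
    base = int(ipaddress.IPv4Address("10.0.0.0"))
    return [str(ipaddress.IPv4Address(base + i * 7)) for i in range(count)]


def is_blocked_linear(ip: str, rules: list) -> bool:
    """Mimic a flat netfilter chain: compare against every rule until a hit."""
    for entry in rules:
        if ip == entry:
            return True
    return False


def is_blocked_indexed(ip: str, index: set) -> bool:
    """Mimic a hashed/indexed store: a single membership test."""
    return ip in index


def lookups_agree(rules: list, index: set, probes: list) -> bool:
    """Both strategies must give the same verdict for every probe."""
    return all(is_blocked_linear(ip, rules) == is_blocked_indexed(ip, index)
               for ip in probes)


def compare_lookup_cost(count: int = 20_000, probes: int = 100) -> dict:
    """Time both strategies over `probes` unlisted addresses and return the figures."""
    rules = build_blacklist(count)
    index = set(rules)  # the "database" view of the same blacklist
    start = int(ipaddress.IPv4Address("192.0.2.0"))
    probe_ips = [str(ipaddress.IPv4Address(start + i)) for i in range(probes)]

    t0 = time.perf_counter()
    linear_hits = sum(is_blocked_linear(ip, rules) for ip in probe_ips)
    t1 = time.perf_counter()
    indexed_hits = sum(is_blocked_indexed(ip, index) for ip in probe_ips)
    t2 = time.perf_counter()

    return {
        "rules": count,
        "probes": probes,
        "linear_hits": linear_hits,
        "indexed_hits": indexed_hits,
        "linear_seconds": t1 - t0,
        "indexed_seconds": t2 - t1,
        "agree": lookups_agree(rules, index, probe_ips + rules[:50]),
    }


if __name__ == "__main__":
    result = compare_lookup_cost()
    ratio = result["linear_seconds"] / max(result["indexed_seconds"], 1e-9)
    print(f"{result['rules']} rules, {result['probes']} probes: "
          f"linear {result['linear_seconds']:.4f}s, "
          f"indexed {result['indexed_seconds']:.6f}s "
          f"(~{ratio:.0f}x), verdicts agree: {result['agree']}")
```

Growing the rule count makes the linear figure grow in proportion while the indexed figure stays flat, which is the same effect the post describes for a long netfilter chain against a Berkeley DB-backed blacklist; in a real firewall the per-rule cost is paid on every packet, not once per connection, so the gap matters more than this toy suggests.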