Greetings!
I'd have to agree with ralvez, especially regarding the ssh issue: sure it would be nice but if you do not need it, leave it off.
It appears to me that you have a reasonable security setup. There are only a few things I'd wish to contribute.
1) Firewall. You said you use the "default" firewall settings on your SuSE proxy. I personally do not trust any firewall that I do not know exactly how it works. So if I were in your position, my first task would be to configure my own iptables firewall. That way I could make sure that it allows/blocks/logs exactly what I want and nothing more, nothing less.
The same is true for your "Router with NAT & Firewall". If it is a linux/unix box, I'm pretty sure that you could still improve its configuration somehow. If it's a hardware router - just forget about that paragraph.
2) Now for some advanced stuff. If you are really paranoid, you should setup and configure some kind of intrusion detection system. For some time I used to use tripwire which checks all files for (unauthorized) changes. But it is kind of a pain to set up and maintain because it will alert you whenever you do any system updates (which you should do regularly!). But it is possible to configure it in a reasonable way.
3) Finally the obvious stuff: Make absolutely sure that your daemons (squid, named, etc.) listen only on the internal network interfaces. That way they would not answer to any requests from outside even if anyone would manage to bypass your firewall. If possible also use tcp wrappers. I think special kernel hardening patches would really be overkill for your setup but if you wish, read up on them and utilize them anyway.
Linux/Unix security is not very hard to achieve but getting it anywhere near perfection is a long, hard (and very educating) process.
All the best!