At my work (small 2-year college) we are opening a second location and will have 4 separate subnets at 2 different locations. We have a “Front Office” network and a “Student” network that we want to be separated from each other. (We don’t want the kiddies trying to change their grades on the office servers… As long as the networks are firewalled from each other, the kids won’t even know the front office exists.)

Networks A and B are at site 1 and networks C and D are at site 2.
Networks A and C are “Front Office” networks.
Networks B and D are “Student” networks.
Network A needs to talk with C, but not B or D
Network B needs to talk with D, but not A or C
Network C needs to talk with A, but not B or D
Network D needs to talk with B, but not A or C

We only have one static IP at each location.

We would like to set up 2 Linux boxes.

Linux box 1:
Site 1
NIC 1: Network A
NIC 2: Network B
NIC 3: Static IP (Internet)

Linux box 2:
Site 2
NIC 1: Network C
NIC 2: Network D
NIC 3: Static IP (Internet)

What I am thinking I need is to set up a VPN between the sites, set up a firewall to allow communication between the correct networks, and set up some sort of NAT so each network can still access the Internet. Also, an HTTP proxy/caching server would be nice as well.

So my question is… Is this configuration possible? What distribution and software packages would you recommend? Could you give me an example configuration to get me started?

Thank you greatly for even reading this huge post!
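As an added example (not part of the original post, and not anyone's reply to it), here is an nftables ruleset for "Linux box 1" at site 1 that implements the policy described above: A talks to C and the Internet, B talks to D and the Internet, and no Front Office/Student crossing in either direction. Everything concrete in it is an assumption, since the post gives no addresses or interface names: eth0 carries Network A (10.1.1.0/24), eth1 carries Network B (10.1.2.0/24), eth2 is the Internet uplink with the site's static IP, and wg0 is a WireGuard tunnel to site 2, behind which Network C is 10.2.1.0/24 and Network D is 10.2.2.0/24. Port 3128 stands in for an HTTP caching proxy (Squid's default) running on the box itself.

```nft
#!/usr/sbin/nft -f
# Added example for "Linux box 1" (site 1). All addresses and interface
# names are assumptions, not taken from the question:
#   eth0 = Network A (Front Office, 10.1.1.0/24)
#   eth1 = Network B (Student,      10.1.2.0/24)
#   eth2 = Internet uplink (the site's single static IP)
#   wg0  = WireGuard tunnel to site 2, which carries
#          Network C (Front Office, 10.2.1.0/24) and Network D (Student, 10.2.2.0/24)

flush ruleset

define office_local   = 10.1.1.0/24
define student_local  = 10.1.2.0/24
define office_remote  = 10.2.1.0/24
define student_remote = 10.2.2.0/24

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif lo accept
        ct state established,related accept
        ct state invalid drop
        # The only thing reachable from the Internet is the WireGuard port.
        iif eth2 udp dport 51820 accept
        # The box's own services (SSH, proxy) are reachable from the office LAN only.
        iif eth0 ip saddr $office_local tcp dport { 22, 3128 } accept
        # The student LAN may use the caching proxy on this box and nothing else.
        iif eth1 ip saddr $student_local tcp dport 3128 accept
        icmp type echo-request accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop

        # Front Office: A <-> C over the tunnel, A -> Internet.
        iif eth0 oif wg0  ip saddr $office_local  ip daddr $office_remote accept
        iif wg0  oif eth0 ip saddr $office_remote ip daddr $office_local  accept
        iif eth0 oif eth2 ip saddr $office_local accept

        # Student: B <-> D over the tunnel, B -> Internet.
        iif eth1 oif wg0  ip saddr $student_local  ip daddr $student_remote accept
        iif wg0  oif eth1 ip saddr $student_remote ip daddr $student_local  accept
        iif eth1 oif eth2 ip saddr $student_local accept

        # Everything else (A<->B, A<->D, B<->C, unsolicited inbound from the
        # Internet) falls through to the drop policy. Log student-to-office
        # attempts explicitly so a probe from the student LAN shows up in syslog.
        iif eth1 ip daddr { $office_local, $office_remote } log prefix "student->office: " drop
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        # Both local networks share the site's single static IP on the way out.
        oif eth2 ip saddr { $office_local, $student_local } masquerade
    }
}
```

Load it with `nft -f` and make sure `net.ipv4.ip_forward = 1` is set in sysctl, otherwise the forward chain never sees traffic. Box 2 is the mirror image: swap the `*_local` and `*_remote` definitions and the rules stay identical. The WireGuard peer entry on each box needs `AllowedIPs` covering both of the other site's subnets, and the filtering is enforced at both ends, so even though office and student traffic share one tunnel, a packet from D addressed to A is dropped by box 2 before it enters the tunnel and again by box 1 if it ever arrived. The student LAN's only path to the box itself is the proxy port; if you do not run a proxy, delete that line so the student side cannot reach the box at all.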