I am looking at the possibility of implementing transparent Squid proxy with
content filtering (Dansguardian or possibly Smartfilter) on one or more Unix
or Linux boxes in conjunction with a PIX but I believe there are some
pitfalls to do with Squid and PIX and I'd be glad of any advice as to what
is possible.

The preferred solution is to put the content filtering on a dedicated subnet
behind the PIX with a subset of the traffic from the inside going to the
proxy via the PIX and all internet traffic passing through the PIX. There is
an existing Cisco router behind the PIX.

Client ---------- Router ----------- PIX ----------- internet
|
Squid etc

(Sorry, no specs to hand - the installation is a couple of years old.)