I have not worked with SNORT much or done too much research on this but it sounds possible.
If I set up a server and run snort on it, would it then be possible to route ALL my traffic through it like a firewall to my websites? Would this allow me to have a central point to filter out all bad traffic?
As far as forwarding goes, should I use GRE tunneling or is there a better way? I would like to try and keep the client's IP if at all possible.
So I could run maybe HA Proxy/nGinx as a way to forward the website traffic off and keep the client IP in the packet and not end up with every client as the proxy server's IP.
One installation method for Snort is called in-line mode. In this configuration your snort sensor will be a choke point for your traffic, much like a traditional router or firewall. All packets will be received on the outside interface, passed through the snort application, and then forwarded onto the inside interface. If done correctly it will be transparent to the traffic and will be nothing more than a bridge. It also requires no modifications to the servers you are attempting to protect. All traffic will flow through the sensor because it cannot go anywhere else.
From here you can decide whether to run snort in IDS or IDP mode. IDS is less scary to implement, in that alerts will be fired and bad traffic will be logged, but packets will still be passed. IDP mode will analyze the packets and, if configured to, will drop the packet if it triggers an alert.
In any case you must be careful with which rules you configure, and that your sensor is properly sized. If, for example, the snortd process is overloaded and can't process a packet, it won't make it out the other side. It is quite trivial for snort to hit 100% CPU usage, or memory.
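The in-line deployment described above, as an added example that is not part of the answer: a POSIX shell script that prepares the two sensor interfaces, builds the Snort 2.9 in-line command line (afpacket DAQ bridging an outside and an inside interface), and shows the one-word change that turns an IDS rule into an IPS rule. Interface names, the config path and the buffer size are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: Snort 2.9 in-line (bridging) sensor.
OUTSIDE="${OUTSIDE:-eth1}"      # assumed: interface facing the router/Internet
INSIDE="${INSIDE:-eth2}"        # assumed: interface facing the web servers
SNORT_CONF="${SNORT_CONF:-/etc/snort/snort.conf}"   # assumed path

# Build the in-line command line.
#   -Q             inline mode: drop/reject actions are honoured
#   --daq afpacket DAQ that bridges a pair of interfaces in userland
#   -i out:in      the interface pair; frames not dropped are forwarded
# The same can be set in snort.conf with
#   config daq: afpacket / config daq_mode: inline / config policy_mode: inline
snort_inline_cmd() {
    printf 'snort -Q --daq afpacket --daq-var buffer_size_mb=%s -i %s:%s -c %s' \
        "${4:-256}" "$1" "$2" "$3"
}

# IDS -> IPS: same signature, different action. With -Q an "alert" rule still
# passes the packet; a "drop" rule blocks it and logs the event.
ids_to_ips_rule() {
    printf '%s\n' "$1" | sed 's/^alert /drop /'
}

# Bridge interfaces carry no IP address (the sensor is invisible on the wire),
# run promiscuous, and have NIC offloading disabled so Snort sees real frames
# rather than coalesced segments that would defeat reassembly and signatures.
prepare_iface() {
    ip addr flush dev "$1"
    ip link set dev "$1" promisc on up
    ethtool -K "$1" gro off lro off tso off gso off rx off tx off 2>/dev/null || true
}

# Only touch the system when run as root with both interfaces given explicitly.
if [ "$#" -eq 2 ] && [ "$(id -u)" -eq 0 ]; then
    prepare_iface "$1"; prepare_iface "$2"
    # Validate the config first (-T): a bad rule file must not take the
    # choke point down, because nothing can route around a dead bridge.
    snort -Q --daq afpacket -i "$1:$2" -c "$SNORT_CONF" -T
    exec $(snort_inline_cmd "$1" "$2" "$SNORT_CONF")
fi
```

Size the afpacket buffer and the rule set for the link's peak rate; as the answer notes, a saturated snort process is a packet sink, so watch CPU and memory on the sensor before trusting it in IDP mode.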
For the first question - yes, that would be possible. You'd have the DNS for your webservers set to the server running SNORT, and have that server forward the traffic to the actual webserver. That's one of the standard ways to set up a firewall/filtering server.
For the second - that's a question that invites a long discussion, something that doesn't really fit with the ServerFault site. "Better" is a very subjective and ill-defined term. I should start by considering what priorities you have, in terms of security, stability, ease of upgrading/updating packages, performance, etc. Once that's done, you can start comparing how the two different unixes compare in those regards, and if you have some specific questions there's more chance that you'll get a good answer.
Would it then be possible to route ALL my traffic through it like a firewall to my websites?
Not only is it possible, but it's exactly how you should set up an IPS if you want it to actually drop bad traffic.
If not, then it becomes an IDS and will only flag bad traffic.
The only part of your question I do not agree with is when you compare Snort with a firewall.
I have the feeling you are kind of mixing three aspects of network security.
IPS/IDS
Drops traffic based on deep packet inspection and signatures
Firewall
Drops/allows traffic based on source, destination and port. Firewalls did evolve and are not as "dumb" anymore, but this is the primary goal of having a firewall.
Web Application Firewall (WAF)
A little bit like an IPS, but aimed at inspecting HTTP and HTTPS traffic. A WAF can, just like an IPS, drop SQL injection attempts if provided with the proper signatures.
Would this allow me to have a central point to filter out all bad traffic?
The key part of your statement is all bad traffic. To that, I would answer no.
The only way to block all bad traffic is to block all traffic.
The most secured web application I have seen in the field had all three (IPS, firewall and WAF) protecting the front end. It then had the application and the data segregated, with a firewall between the three layers. It also had another IPS only for SQL injection inspection between the application and the data.
Guess what...that probably still was not able to drop all bad traffic.
Finally, regarding the platform to use.
I really like OpenBSD. PF is a very powerful and free firewall.
But your choice should be based on what you are comfortable managing and configuring. If you are used to Ubuntu or CentOS, then go with that. There's no point in trying to secure your application with a tool you are not mastering.
Because if you do, chances are you will actually lower the security level of your network instead of increasing it.