There are several ways to do this. The easiest way is to have a router that includes a URL filtering service. That way, you control which pages you allow/deny at the exit point of your network. However, if you prefer to do this function with a server, you would need to load proxy software or other filtering service on that server. In this example, if you run proxy services, you can use one NIC. However, you would have to block all outbound traffic on the firewall for every node except the proxy server. Then force your clients to use the proxy server for internet access.

Alternatively, you could set up the server with two NICs with RRAS enabled. Then the workstations would use the server as their default gateway. Run the proxy/filtering software in the same manner. This method does not require you to configure your clients to use a proxy server. The proxy server just intercepts the traffic on the way out.

Again, always keep things as simple as possible. i would suggest hte interner router with URL filtering capabilities. It will be much faster than a dedicated server, and much less complicated, and cost less (no Windows license required, no proxy software needed, etc...)

My suggestion:

Turn off DHCP and DNS on the router.

On the server, enable DHCP and DNS services.

Configure DHCP with your ip scope assigning the router ip, dns ip (make this the 2k3 server), and wins options 44 2k3ip and 46 0x8 for hybrid.

Configure the DNS with a forwarder to the open DNS servers.

Open DNS servers let you sign up to control dns lookups for free. You can cut off certain web pages by 'turning off' dns resolution for those pages. the local DNS server will cache results and help speed up dns lookups.

you can block with a dns server, but it's an all or nothing situation. create a new dns zone and just put for example: facebook.com and it will forward those requests to your server. At my office i use a high end firewall and filter by IP addresses, but not a cheap solution with what you already have.