>From personal experience, I think the easiest route for him would be
the first one with the old PC. You would need maybe 3 NIC's at the
most (if you wanted to segregate the 2 internal networks). 2 NIC's if
you don't need to.
There are distributions that specialize in NAT, FW, QoS, etc.
monowall, pfSense (both built on BSD actually). Both are easy to use
and work well. The easiest I found to work with is smoothwall.
Download the Express edition from
smoothwall.org. It's a Linux base,
all OSS and you get constant updates when you register (free). The
install is one of the easiest I've ever seen. It steps you through
pretty much everything, with automatic NIC setup as well (choosing
which NIC goes to what connection).
The web interface is gorgeous and simple to navigate and setup. You
can also still login to it via SSH / console and muck around manually
at the command line if you want. I have smoothwall running on a 300
MHz AMD-K6, 64 MB with a 2.5 GB drive and I've gone as low as a Pentium
133 MMX, 32 MB, 2 GB to run it on. It still performed well enough.
The most important features for me were the QoS (favor VoIP traffic
over P2P, IM, Mail, FTP, etc.). Also the ability to segment my
wireless network was important. If you want more fine grained
bandwidth controls, go with pfSense. You can set percentages, traffic
loads, etc. SmoothWall just lets you prioritize traffic, but it works
quite well.
Just my $0.02.
Chad