The netowrk:

NW 6.5SP3

-BM 3.8
-eth0 public(registered IP address) - internet
-eth1 private(private IP address) - LAN
-eth1-not required at this scheme, but installed for other purposes
-eth2-not required at this scheme, but installed for other purposes
-eth3-not required at this scheme, but installed for other purposes
-1 DHCP server class B network

The Goal:
1.Allowing only http/s traffic from the private network to the internet
2.Filtering *bad* web pages
4.DHCP clients should be shaped for a certain bandwith, and if possible
limited to certain amount of network traffic quota.

Every DHCP client even renewing its IP address will get the same IP
address as before it.

I doubt all of the above are appliable only by a NW box without a third
party network equipment or software.

The main goal at all is to limit LAN users' bandwith.
I posted this message in BM and Communications forum, so it sounds kind of
flood but it really not :)

Any help and.or ideas are wellcome (-__-)

P.S. Please dont send me links to 3-rd party proprietary software.