PACKET FILTERING: ISA Server comes in two editions, Standard Edition and Enterprise Edition.

Standard Edition is a stand-alone server that supports up to four processors. Enterprise Edition is for large-scale deployments, server array support, multi-level policy, and computers with more than four processors. Licenses are based on the number of processors.
ISA Server contains a routing feature that allows the ISA Server to act like a router information can enter the ISA server and be routed to a different section of your network. The router usage is helpful in a number of scenarios, such as with a DMZ network or if the ISA Server needs to route information to different IP subnets.

(Internet Security and Acceleration Server) NAT REASON: Hosts behind NAT-enabled routers do not have end-to-end connectivity and cannot participate in some Internet protocols. Services that require the initiation of TCP connections from the outside network, or stateless protocols such as those using UDP, can be disrupted. Unless the NAT router makes a specific effort to support such protocols, incoming packets cannot reach their destination. Some protocols can accommodate one instance of NAT between participating hosts ("passive mode" FTP, for example), sometimes with the assistance of an application-level gateway (see below), but fail when both systems are separated from the Internet by NAT. Use of NAT also complicates tunneling protocols such as IPsec because NAT modifies values in the headers which interfere with the integrity checks done by IPsec and other tunneling protocols. The end-to-end principle is a classic design principle of computer networking which states that application specific functions ought to reside in the end hosts of a network rather than in intermediary nodes, provided they can be implemented "completely and correctly" in the end hosts.
PROXY reason: proxy will force all traffic going through your router to go through the proxy and going through a proxy will slow your connection down. What you could do is buy another router (Linksys) and install ddwrt. You can also buy anonymous VPN service (ipredator) that doesn't keep records and configure ddwrt's vpn client to use that. I currently have this setup and it is fine most of the time. There are times when things go bad and it is too complex to troubleshoot. If you don't have a lot of networking experience, forget about it

DD-WRT is a Linux-based firmware for several wireless routers, most notably the Linksys WRT54G (including the WRT54GL and WRT54GS). Like other similar projects, DD-WRT is third-party firmware designed to replace the firmware that ships pre-installed on many commercial routers. This is done for a variety of reasons including

the addition of features which are not typically included in a manufacturer's router firmware

Functions of a router A router performs two core functions: 1. Packet forwarding 2. Sharing routing information, itself known as routing In addition, a router may perform some of the following ancillary functions: 1. Packet filtering 2. Network Address Translation (NAT) 3. Link monitoring/statistics gathering, accounting 4. Proxy 5. Protocol translation/tunneling 6. Packet encryption/decryption for Virtual Private Networks (VPNs)

What is a router?
A host (node) with more than one interface to network In layering terminology, a device which works at network layer In the most basic form, a router takes packets sent to it on one interface( link), looks at its destination IP address and 1. sends it to destination if its directly accessible 2. sends it to another router if it believes that it can move the packet to the destination 3. drops the packet if no information about destination is available