Yes, if you get the config all right, but you don't necessarily need two NICs, you can run multiple subnets on one cable with one NIC by aliasing multiple numbers onto the same card, we have three different numbering systems on a single NIC! You also don't need masquerading if you have local proxying, but this would limit what the local-number machines can do to what is proxied by the proxy. In our case the limitations are welcome - the internal machines can't be seen directly by external ones, and that protects them from nasties and prevents them doing lots of non-academic things like ICQ, Napster, making money by browsing, bypassing the external filtered proxy, etc.
Well that sounds ideal but how do I perform aliasing?
Depends on your system, probably, but on our FreeBSD it's by the use of
ifconfig_<interface>_alias=" ... "
entries in the rc.conf file: ours are for example:
ifconfig_fxp0="inet 10.10.128.254 netmask 0xffff0000"
ifconfig_fxp0_alias0="inet 194.238.175.254 netmask 0xffffffc0"
ifconfig_fxp0_alias1="inet 10.0.128.254 netmask 0xffffff00"
[beware, on our system extra spaces, eg either side of the =,
will mess things up]
and the result from an "ifconfig -a" command is
fxp0: flags=8943