1000Mbps is quite fast to do NAT, firewall, and potentially QoS of some kind. I recommend a good managed gigabit switch and some kind of dual or more NIC mini PC as router. With relatively modern CPU like Celeron 3000 or 4000 series 4 core processor you will be able to handle firewall, NAT, and cake SQM at full speed or near to it. you can also handle services like web proxy for access controls or caching things like Linux distro packages or other services.