Wow, interesting. I would never think to buy some dedicated product to do something like this. I would find an old box somewhere, install OpenBSD, and resume my day.
I have a Soekris net5501 that I use as a router and it does 100MBps between two of the NICs without much trouble (with pf). I have a Gigabit NIC in there and it manages to push around 300-400MBps between it and another box on the network (with an admittedly shitty NIC that craps out on any frame bigger than 1500 bytes).
The gigabit NIC uses more power than the box itself. A whole x86 machine with 5 NICs running the latest version of a modern OS that uses less than 20W of power. And of course no fan or other moving parts.
Anyway, copying packets from one network to another is not a particularly difficult task. "pass out keep state" is similarly simple. So really, this is a task that doesn't require a "vendor", it simply requires a computer that has more than 32M of RAM that can talk to NICs.
For the product I work on (a connection bonding appliance & service), we've used Soekris devices but have found them to be underpowered compared to newer Atom-based products from Portwell [1] and Lanner [2]. Geode-based products are fine if all you're doing is basic firewall, routing, and VPN stuff. Apparently Soekris is soon to introduce their own Atom device.
Another option is a Linux netbook configured with VLANs to get around having only a single NIC. Then if you lock yourself out via the network, you have a keyboard and monitor built-in and don't have to go find the serial cable in your stuff-you-hoped-you'd-never-have-to-use-again box.
The embedded Atom platform they've used has a total of four 1X pci-express channels. Despite this they've fitted two mPCI ports, two 1X PCIe slots, four 1G ethernet ports, and 2 SATA ports.
So I doubt the ability of this platform to even be able to route packets amongst the four interfaces at full speed, let alone filter the packets at the same time. It will, however, do better than the existing Soekris products.
It seems kind of crazy that he's so sensitive to ambient noise, but is willing to keep a qnap nas going, too. I'd just give in and put a BSD or Linux box in with a bunch of disk to do NAS, and then put it in an enclosure with large, slow fans for cooling.
Most people don't have 2 50Mbps providers like Matt does, so most of us don't need fancy hardware to do this. You can install OpenWRT on pretty much any cheap router to do this. (The Linksys WRT54GL is the canonical example).
Having recently needed to replace a router running DD-WRT I discovered that much to my dismay routers that can run *WRT are becoming less and less available. I suppose this isn't too surprising but it did annoy me.
I ended up with a TP-Link access point (one of the challenges was getting an access point rather than a router) and it has so far worked out.
I have a Soekris net5501 that I use as a router and it does 100MBps between two of the NICs without much trouble (with pf). I have a Gigabit NIC in there and it manages to push around 300-400MBps between it and another box on the network (with an admittedly shitty NIC that craps out on any frame bigger than 1500 bytes).
The gigabit NIC uses more power than the box itself. A whole x86 machine with 5 NICs running the latest version of a modern OS that uses less than 20W of power. And of course no fan or other moving parts.
Anyway, copying packets from one network to another is not a particularly difficult task. "pass out keep state" is similarly simple. So really, this is a task that doesn't require a "vendor", it simply requires a computer that has more than 32M of RAM that can talk to NICs.