As Ranieri pointed out, we don't know if you need 10/100/1gig or half/full duplex. We also don't know what kind of CPU you are using. And we don't know how many of these you want to make (I'm assuming 50+, for various reasons). So this answer is sort of a stab in the dark, but...
There are four different approaches you can take. 1. Use a passive hub. 2. Use a 3-port switch chip. 3. Use a CPU that has two Ethernet ports on it. Or 4. forget the 2-port requirement and use commercially available Ethernet switches instead.
I've done enough PCB's with Ethernet to tell you that a passive hub isn't all that great. It might work in some one-off situations, but for a real product they stink. They will limit network bandwidth in weird ways, limit your max cable length, etc.
There are several companies that make Ethernet switch chips. Micrel is one of them, and more importantly Digikey has them in stock. I haven't read the datasheets to know now suitable they are, but it looks promising.
Using a CPU with two embedded Ethernet controllers can be a good option, and would be the option that most companies would choose. But for this to work well, the CPU should be at least a 32-bits, like an ARM or PowerPC. The CPU needs to be running a reasonable TCP/IP stack and be setup to route packets between the two Ethernet controllers. Companies like AMCC and Freescale make these. TI has one on their roadmap, although I don't know if it's available yet.
So I don't know which one will be a good solution for you. My guess is that you'll have to choose between the lesser of three evils, but that's frequently the way engineering works.
Both are needed in half-duplex.
Duplex basically means: Two transmission channels, one for sending, one for receiving.
For Ethernet, full duplex means: TX and RX can happen at the same time.
For Ethernet, half duplex means: TX and RX do not happen at the same time, but still, being duplex, using separate channels.
This differs from the use of the word half duplex in other transmission schemes, like serial communications.
This has to do with the origins and definitions of Ethernet. Most of this goes back directly to what was possible 30 years ago, all 10base signals go back to 1981 at least. 100base was just an extension of that. Gigabit Ethernet changes this and does proper full duplex, sending and receiving on all lines simultaneously.
Now, speaking of oldstyle Ethernet, 10base2 etc: The protocols are hardware-independent. The same signal would be encoded on optical or electrical transmission channels. Back then, optical channels could not easily switch between sending and receiving. Also, early structured cabling Ethernet was connected on a hub (not switch), so CSMA-CD had to be implemented, meaning senders had to be able to listen for incoming transmissions (conflicts) during their own sending. And additionally, the early protocol stacks ran on CPUs so wimpy they could not calculate transmission and reception at the same time, giving you reason to drive half-duplex in an environment that was otherwise perfectly capable of full-duplex.
Best Answer
Purchase an Ethernet hub chip. (Actually, these are hard to find these days; switches are much more common.)
Build the circuit shown in the chip's Application Notes or Reference Design.
If you really care about the distinction between a hub and a switch, there's some useful information here.