I had this working in my last config. In general, it’s not worth doing unless you REALLY want to use some of the filtering/QoS/firewall functionality of ZeroShell over your hardware router.
The way I did it was I created two NICs in VMWare on the vm. (It has to be ‘powered off’ to do that.) Then follow your standard configuration for a two-eth system.
The trick is, your router needs to be on a DIFFERENT subnet than all your other machines on the LAN, is 192.168.10.1 and your ETH0 should be 192.168.10.2, with the router set as its gateway, among other things. Then, set ETH1 to an IP in the range where all your other machines on the LAN will live, ie 192.168.1.1. In this way, you’re building a network that is, for all intents and purposes, just like a real hardware LAN because the only machines that will talk to each other are on the same subnet ranges.
Note: Disable DHCP on the router, or it will confuse your LAN. You don’t want machines thinking they should connect up to something in the 192.168.10.* range.
Hope that helps.