I've setup a small office network for a client. They lease space in a downtown building and are only given a single public IP address. The public IP goes into a Linxsys router, then to a switch connecting the LAN. I'm trying to setup a CentOS 5.3 server with 2 NICs, one NIC connects to the switch and the other to the DMZ port of the router. I want to configure Shorewall to allow all traffic originating from the LAN NIC, but filter traffic originating on the DMZ NIC. Both NIC's are on the same subnet which is my only option with this router.

I have a similar setup on my test network except that the LAN has a private IP and the WAN has a public IP. I copied the configs to my client's server but when I start Shorewall it blocks all traffic on both NIC's.

Is this because they are on the same subnet? That's the only difference between my working Shorewall config and this non-working config.

Is this just a bad idea all around?

the difference between your lab and real scenarios is huge, as you are bridging at layer 2 instead of routing at layer 3. As such you would need to create a bridge interface between the two and use ebtables instead of iptables to do filtering.