Internet - cablemodem - 10.1.1.1 firewall 10.1.1.2 router / squid / dhcp / email all internal here
by your convention, maybe .2 should become .254
everything is a linux box in the net
So your router and firewall are two separate machines? Seems redundant to me, most firewalls do routing as well. The only reason you would need a router is if the firewall wasn't on the same subnet.
10.1.1.1/24 10.1.1.2/24 (Internet) --- [ firewall ] --- [ router ] | | |---[ host1 ]---| 10.1.1.30/24
You can see here that you can get to the internet by going thru the router, but because the router and the firewall are on the same subnet, you can just go directly to the firewall. You just add an extra hop that is not needed and just eats up network and computer resources.
If the firewall was on a different subnet, then you would need a router:
10.1.0.1/24 eth0: 10.1.0.254/24 (Internet) --- [ firewall ]-------------[ router ]-----------[ host1 ] eth1: 10.1.1.254/24 10.1.1.30
Here, host1 needs the router to reach the 10.1.0.0/24 subnet.