would like the virtual machines to use the external IP addresses.
I guess you need the WAN interface to route on IP and mask, not just IP. Can you assign a network to the WAN interface?
I dont think IP tables will help you here and you've also got to watch those subnet masks.
If your WAN interface has 255.255.255.248 then 1.1.1.208 is your network, 1.1.1.215 is your broadcast, and 209-214 are hosts expected to be on the same interface.
When the traffic comes in the ARP request (trying to find the physical adapter for that destination IP address) will only happen on that same interface - it wont propogate to the other switch / LAN ports, unless you are creating a bridge (as you say) to the other ports, on a different VLAN.
I've done this before on OpenWRT, but I can't see an easy way to do it with the stock/Merlin firmware.
Welcome To SNBForums
SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.
If you'd like to post a question, simply register and have at it!
While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!