This really has nothing to do with the router. The best way to do what you are trying to do, is to use a hub (not a switch) outside your router. You can then put a second interface in your IDS (Snort BOX) and set the second interface to promiscuous mode. Connect this interface into the hub (outside the router). If there is no TCP stack on the outside interface, you don't have to worry about it from a security perspective. The active interface resides on your trusted segment, so the box can be used as normal...

DO NOT use any type of DMZ setting on any SOHO type device. All this does is set up port forwarding to your machine. While this technically would probably work, you are exposing everything on your network if the virtual DMZ host is compromised.