Hi!
I think he has an "transit" subnet , where the other subnet/subnets is routed through to his main ip.
incoming-traffic:
ISP-ROUTER ----> CORP.-ROUTER ----> CORP.SUBNET
outgoing-traffic:
ISP-ROUTER <---- CORP.-ROUTER <---- CORP.SUBNET
In this setup, the "CORP.SUBNET" doesn't need to see the L2 between the ISP-ROUTER, just the CORP.ROUTER main's ip,
so the CORP.SUBNET can be in different interface/VLAN.
( EXMAPLE )
Transit subnet ( /29 - because of the VRRP )
ISP-ROUTER : x.x.x.1 /29
ISP-ROUTER : route-add x.x.x.x /24 via x.x.x.2 /29
CORP.-ROUTER: x.x.x.2 /29
CORP.-ROUTER: route-add default via x.x.x.1 /29
This setup is a "standard" solution, ISP can provide as many public subnet as the customer wants.
So the answer to the question, you don't need to add any NAT rule, just add forward rule and route, where your public subnet is located ( in this case the first ip is used from the public subnet as the default gw for the others)
CORP.-ROUTER - config
-A forward -S x.x.x.x /24 -j ACCEPT
-A forward -D x.x.x.x /24 -j ACCEPT
...
eth1 ip address ( TRANSIT subnet: x.x.x.2 /29 )
eth2 ip address ( PUBLIC IPV4 pool subnet: x.x.x.1 /24 )
...
MACHINE-1 ip address x.x.x.10/24 gw x.x.x.1/24
MACHINE-2 ip address x.x.x.11/24 gw x.x.x.1/24
...