Hi all,
I need help to configure this scenario (NB: I can't change this):
lan - hub/switch - firewall (leaf/bering) - router - modem dsl - internet -
router - firewall (leaf/bering) - hub/switch - lan
The IPSec tunnel runs with a pre-shared key on the firewalls on both sides. Obviously,
both sides have a public IP address.
I'm new to this kind of thing so I'd like to learn the fundamentals:
Why should I put a router if I already have a firewall just behind it?
I mean, a router "routes" packets, so I should have this situation:
a public IP (x.y.z.k) on the router, which NATs the addresses behind it... like this,
x.y.z.k on router - 192.168.0.0/24 on lan, is that correct?
My firewall (leaf/bering) has a three-network-card configuration: eth0 on
internet (I suppose I should configure it with a public IP), eth1 on LAN and
eth2 for DMZ. My very question is: How can I set a public IP on the eth0 adapter
if my firewall is behind the router?
I'm quite sure my argument is wrong, but could someone please explain to me how
it works?
Merry Christmas to all.
G.