You may find yourself unable to ping the local and remote IPs of the ClearOS router from a host configured with a public IP address participating on a DMZ subnet. I haven't had time to find out why but it is possible to address this by explicitly accepting pings on the DMZ interface; modify /etc/rc.d/rc.firewall.custom:

iptables -I INPUT -i eth1 -p icmp -m icmp --icmp-type 8 -j ACCEPT # Accept pings on DMZ