publishing webserver from behind firewall...


sgt_b
08-12-2002, 10:15 AM
... and I need some help!
Right now I have a redhat 7.2 machine set up as a firewall. I have another redhat machine behind the firewall. The external interface on the firewall machine is a public IP address. The internal interface is a private one. The webserver also has a private IP address, and is on the same network as the internal interface of the firewall.
How do I assign a public IP address to the webserver, so when something is sent to the public IP address, the firewall picks it up, and sends it on its merry way to the webserver?

I've been told to use proxy_arp, but for some reason can't understand a damn thing I've found on google. From what I gather it can only grab arp requests for an entire subnet? Not just one IP?

Could someone please explain what proxy_arp is please?
Also how can I verify that IP forwarding is enabled?

Finally what method would you use to publish a webserver from behind a firewall?

Any feedback would help out a lot!
Thanks!
:D

Golden_Eternity
08-12-2002, 12:53 PM
I had a similar setup for a while... Way I did it was by doing port forwarding on 80 to the internal system... Works fine if you don't also want to run a web server on the gateway.

sgt_b
08-12-2002, 01:32 PM
What if you have multiple web servers? How would port forwarding work there? I don't think that it would.

dfx
08-13-2002, 09:23 AM
How many public IPs do you have available? Only one? Then you have to use different port numbers (on the public IP) for the different web servers. For example, port 80 would forward to server 1, port 81 would go to server 2, etc.

Lorithar
08-13-2002, 01:37 PM
Actually, I would use iptables to forward all requests to one webserver, and use virtual hosts on the receiving webserver to allocate the requests accordingly ... since as I recall you can use virtual hosting to redirect requests to other systems.

sgt_b
08-13-2002, 02:04 PM
We have about 10 public IPs we can use. I would really like to get the FW to answer ARP requests for specific IP addresses. I am not using IPTables or IPChains. I am running Checkpoint's FW-1.
I was trying to put up static ARPs on the FW machine, got strange entries when I ran arp -na to see what was in the arp tables.

I'd like to have the machines on our screened subnet to have private IP addresses, but I would like them to answer to public IP's by using static ARP's on the firewall machine.

I know we can use port forwarding and everything, but I want to refrain from using IPtables/chains. I'd also like to have as little traffic as possible sent directly to the FW's IP address.

So how does one create static ARP entries?

I'm running kernel version 2.4.9-34

Thanks for the replies too!
:)
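
An added example, not part of the original thread, covering the two open questions above: checking that IP forwarding is on, and creating published (proxy) ARP entries for individual public addresses rather than a whole subnet. The interface name `eth0` and the 203.0.113.x addresses are assumptions (constructed, documentation range); translating each public address to the private one is still left to the firewall's own NAT rules.

```shell
#!/bin/sh
# Added example. eth0 and the 203.0.113.x addresses are assumptions.

# Return 0 if the kernel is forwarding IPv4 packets.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Return 0 if $1 is a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Read public IPs from stdin (one per line, '#' comments allowed) and print
# one "arp ... pub" command each. -D copies the MAC from the named interface,
# so the firewall answers ARP for exactly that address on its external side.
publish_cmds() {
    ext_if=$1
    while read -r ip rest; do
        case "$ip" in ''|'#'*) continue ;; esac
        if valid_ipv4 "$ip"; then
            echo "arp -i $ext_if -Ds $ip $ext_if pub"
        else
            echo "skipping invalid address: $ip" >&2
        fi
    done
}

# List addresses the kernel currently publishes (ATF_PUBL, flag bit 0x8),
# reading /proc/net/arp or a file in the same format.
published_ips() {
    while read -r ip hwtype flags rest; do
        case "$flags" in 0x*) ;; *) continue ;; esac
        [ $(( $flags & 8 )) -ne 0 ] && echo "$ip"
    done < "${1:-/proc/net/arp}"
    return 0
}

# Dry run: prints the commands for two constructed addresses, changes nothing.
forwarding_enabled && echo "ip_forward: on" || echo "ip_forward: off"
printf '203.0.113.10\n203.0.113.11\n' | publish_cmds eth0
```

Run the printed commands as root to install the entries, then compare `published_ips` against the intended list; any published address that is not on the list means the firewall is answering ARP for something it should not.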