Right now, I have a RH Linux 7.2 box set up with Check Point's FW-1. NAT is configured to translate an incoming packet destined for a public IP to a private IP on the internal network. IP forwarding is enabled, and everything looks like it's running fine until... ARP. I would like the firewall to answer when an ARP request for the specified IP comes to the network. Then NAT should take over and route it to the proper server on the internal network.
I've run the command "arp -s <IP ADDRESS> <MAC ADDRESS> pub", but after I run the command and restart the fw services, it still doesn't work. The sniffer on the firewall sees all the ARP requests coming through, but the firewall never answers them.

So how can I make my firewall answer ARP requests for IP addresses other than its own? I'd like to be able to specify each of the IP addresses it should answer to as well.

Is this the right way to go about putting a webserver behind a firewall? Seems like a rather simple concept, but I've never done it before.

I'm running Kernel version 2.4.9-34 as well.

I'd rather not use port forwarding either.

Any ideas?
Thanks!
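
An added example, not part of the original post: a Python check that reads an ARP table in the `/proc/net/arp` layout and reports, for each public IP that NAT translates, whether a published (proxy ARP) entry exists and which interface it is bound to. The sample table, the interface names `eth0`/`eth1` and the addresses are constructed for illustration; the function names are hypothetical.

```python
"""Audit published (proxy) ARP entries against the public IPs NAT translates."""
import sys

ATF_PUBL = 0x08  # "publish entry" flag, as defined in <net/if_arp.h>

# Constructed sample in /proc/net/arp layout (documentation address ranges).
SAMPLE_ARP_TABLE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.0.2.1        0x1         0x2         00:11:22:33:44:55     *        eth0
192.0.2.10       0x1         0xc         00:00:00:00:00:00     *        eth0
192.0.2.11       0x1         0xc         00:00:00:00:00:00     *        eth1
10.0.0.5         0x1         0x2         00:aa:bb:cc:dd:ee     *        eth1
"""


def published_entries(table_text):
    """Return {ip: device} for rows whose Flags field has ATF_PUBL set."""
    entries = {}
    for line in table_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 6:
            continue  # blank or truncated row
        ip, flags, device = fields[0], int(fields[2], 16), fields[5]
        if flags & ATF_PUBL:
            entries[ip] = device
    return entries


def audit(table_text, nat_public_ips, external_if):
    """Classify each NAT'd public IP; also flag published IPs NAT does not use."""
    pub = published_entries(table_text)
    report = {}
    for ip in nat_public_ips:
        if ip not in pub:
            report[ip] = "missing"  # nothing will answer ARP for this IP
        elif pub[ip] not in (external_if, "*"):  # "*" = not bound to a device
            report[ip] = "wrong-interface:" + pub[ip]
        else:
            report[ip] = "ok"
    for ip in pub:
        if ip not in nat_public_ips:
            report[ip] = "unexpected"  # host claims an address NAT ignores
    return report


if __name__ == "__main__":
    live = "--live" in sys.argv  # --live reads the running kernel's table
    text = open("/proc/net/arp").read() if live else SAMPLE_ARP_TABLE
    wanted = ["192.0.2.10", "192.0.2.11", "192.0.2.12"]
    for ip, status in sorted(audit(text, wanted, "eth0").items()):
        print(ip, status)
```

Running the audit again after the firewall services restart shows whether the published entries are still in the table at that point.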