Although the SmallWall webGUI only allows setting up a single IP address on the WAN interface, you can still have SmallWall accept packets destined to secondary IP addresses. It is not necessary to tell SmallWall to use these IP addresses on the WAN interface (however in some cases proxy ARP has to be used - see below), but you have to tell it what to do with packets that are sent to them. There are two possibilities:
You can use this if you have an entire subnet of public IP addresses (with SmallWall's WAN IP address not being in that subnet!).
Example: you have several servers connected to an optional interface (let's assume OPT1). Choose an IP address out of your public subnet for SmallWall's IP address on OPT1. Use it as the default gateway on all the servers connected to OPT1 (it goes without saying that you assign public IP addresses directly to the servers on OPT1 in this scenario). Make sure to get the subnet mask right on SmallWall and the OPT1 servers. Turn on advanced outbound NAT and define a rule for your LAN, but not for OPT1. This will effectively disable NAT between WAN and OPT1. Now you can add filter rules to selectively permit traffic to/from OPT1.
Use this if you want to redirect connections for different ports of a given public IP address to different hosts (define one or more of your secondary IP addresses for server NAT, then use them with inbound NAT as usual).
Use this if you have enough public IP addresses for all your servers, but can't use routing because you don't have a whole subnet.
advanced outbound NAT
Use this if you want to take control over the IP addresses that are used for outgoing connections from machines that don't have 1:1 mappings (by default, SmallWall's WAN IP address is used).
If any of the following applies to your setup, you should be fine without proxy ARP:
the additional IP addresses that you're trying to use are part of a subnet that is routed to you by your ISP (i.e. your ISP has a static route for that subnet with your SmallWall's WAN IP address as the gateway)
you're using PPPoE or PPTP on WAN
Using proxy ARP under these conditions will not achieve anything. If however you use static IP addresses or DHCP on WAN and don't have a routed subnet, adding proxy ARP entries for the additional addresses/ranges/subnets in the webGUI will make sure that SmallWall responds to ARP queries for these addresses on the WAN interface.
Adding Proxy ARP when it is not required usually will not hurt anything, so when in doubt, add it!
Do not add Proxy ARP entries for IP addresses that are not assigned to you! Most DHCP servers will attempt to do an ARP query before assigning an IP address to a client, and if you enable Proxy ARP on IP's that are not yours, they will appear to be in use to the DHCP server. We have heard of instances where people enabled Proxy ARP for their entire WAN subnet, and got disconnected because they were "taking up all the DHCP addresses." Technically you aren't taking all the leases, you're just answering ARP on all of them which is just as bad. This is typically only an issue when your WAN is an Ethernet network, but don't ever do it.
Note that it is never necessary (and strongly discouraged) to use IP aliasing on the WAN interface (by means of ifconfig commands).