I have an OS X server as a router box. To enable incoming connections at a certain port (say port 8500) on one of my inside machines with static IP, I configure the firewall to allow all incoming packets with destination port 8500 to pass through. NAT is utilized to get the packets. While it works, it seems rather insecure, in that any other inside machine might also request said port via NAT, and the original intended machine may not be online at the time.

I'd be more comfortable with normal port-forwarding, but I can't seem to find such a function in the OS X firewall software. Can anybody offer any ideas as to how to improve my setup? Please keep in mind that I'm rather inexperienced.

Thanks in advance.