My ADSL modem come switch come wireless base station come kitchen sink (almost) can be configured to port forward into the internal network. The web configuration thingy lets you specificy the externally visible port, the port to forward to and the machine to forward to. Frustratingly for the machine's address, the web configuration form only has a box for the last octet of the IP address, constraining you to only be able to forward to machines on your internal network. But it does let you save and reload the configuration.
So I saved the configuration to my machine, in the hope that it would record a full IP address, and I could edit it to point to an external machine and thereby do my evil bidding. And lo, there was much rejoicing when I discovered that the configuration file is text (and thus both easily understandable, and easily modifiable), and that it stores the full IP address. So I edited the configuration, and re-uploaded it.
The upload was accepted. Rah! But the pesky thing throws away all bar the last octect of the specified address, so it now believes that I want to forward to
192.168.#.224 rather than
foo.bar.baz.224, a co-lo box. Bah!
Back to the drawing board. And why do I want to do this? Well, because my ADSL modem is on all the time anyway, so it seems easier (and quieter) to have it doing port forwarding, rather than pass through to a machine inside the house only for that machine to forward back out again. And why am I keen on forwarding anyway? Because my ADSL is on a static IP, and doesn't run any servers on "interesting" ports such as 443, so it would be nice to present ssh daemons to the world on these ports.