There are certain aspects of Mac OS X Server that it just isn’t that great at.  One of them is acting as a router.  It’s just a fact that an appliance by SonicWALL, Cisco, Watchguard and sometimes LinkSys will run circles around the speed and feature set of Mac OS X Server.  So with that in mind, let’s look at how you would go about configuring a basic port forward on OS X Server if you decided not to listen to me on this point…  😉 You can use the /etc/net/natd.plist.  The key you’ll want to edit is the redirect_port, one per port or a range of all in one key…  Basically the array would look something like this assuming you were trying to forward afp traffic to 192.168.0.2 from a WAN IP of 4.2.2.2: <key>redirect_port</key> <array>     <dict>     <key>proto</key>         <string>TCP</string>     <key>targetIP</key>         <string>192.168.0.2</string>     <key>TargetPortRange</key>         <string>548</string>     <key>aliasIP</key>         <string>4.2.2.2</string>     <key>aliasPortRange</key>         <string>548</string>     </dict> </array>   You could also use the route command or ipfw depending on exactly what you’re trying to do with this thing.  Route is going to be useful if you’re trying to respond to network traffic over a different interface than the default interface.

By default, Mac OS X will simply give you a shell when you perform a Single User Mode startup.  However, you can force OS X to ask for a password in order to gain shell access.  To do so, vi the /etc/ttys and change secure to insecure.  Once you have done so, create a password in /etc/master.passwd for root.